./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1545419120 <...> DUID 00:04:e6:d8:3e:4c:c1:15:84:42:dc:00:60:8c:e3:5f:26:b4 forked to background, child pid 3208 [ 29.538905][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.548391][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.76' (ECDSA) to the list of known hosts. execve("./syz-executor1545419120", ["./syz-executor1545419120"], 0x7ffeef4528c0 /* 10 vars */) = 0 brk(NULL) = 0x555556379000 brk(0x555556379c40) = 0x555556379c40 arch_prctl(ARCH_SET_FS, 0x555556379300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555563795d0) = 3630 set_robust_list(0x5555563795e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fa6ebeba4d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa6ebebaba0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fa6ebeba570, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa6ebebaba0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1545419120", 4096) = 28 brk(0x55555639ac40) = 0x55555639ac40 brk(0x55555639b000) = 0x55555639b000 mprotect(0x7fa6ebf7c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3630 mkdir("./syzkaller.O8iK6H", 0700) = 0 chmod("./syzkaller.O8iK6H", 0777) = 0 chdir("./syzkaller.O8iK6H") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x5555563795e0, 24) = 0 [pid 3631] chdir("./0") = 0 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3631] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3631] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3633], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3633 [pid 3631] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3633] memfd_create("syzkaller", 0) = 3 [pid 3633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3633] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3633] close(3) = 0 [pid 3633] mkdir("./file0", 0777) = 0 [pid 3633] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3633] chdir("./file0") = 0 [pid 3633] ioctl(4, LOOP_CLR_FD) = 0 [pid 3633] close(4) = 0 [pid 3633] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3633] <... futex resumed>) = 1 [pid 3631] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3633] open(".", O_RDONLY [pid 3631] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... open resumed>) = 4 [pid 3633] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] <... futex resumed>) = 0 [pid 3633] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3631] <... futex resumed>) = 0 [pid 3633] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3631] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... mkdirat resumed>) = 0 [pid 3633] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3633] sync( [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3631] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3635], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3635 [pid 3631] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3635] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3635] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3635] <... futex resumed>) = 1 syzkaller login: [ 53.001214][ T3633] loop0: detected capacity change from 0 to 64 [pid 3635] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] exit_group(0 [pid 3635] <... futex resumed>) = ? [pid 3631] <... exit_group resumed>) = ? [pid 3635] +++ exited with 0 +++ [pid 3633] <... sync resumed>) = ? [pid 3633] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x5555563795e0, 24) = 0 [pid 3636] chdir("./1") = 0 [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3636] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3636] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3637], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3637 [pid 3636] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3637] memfd_create("syzkaller", 0) = 3 [pid 3637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3637] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3637] close(3) = 0 [pid 3637] mkdir("./file0", 0777) = 0 [pid 3637] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3637] chdir("./file0") = 0 [pid 3637] ioctl(4, LOOP_CLR_FD) = 0 [pid 3637] close(4) = 0 [pid 3637] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3637] <... futex resumed>) = 1 [pid 3636] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] open(".", O_RDONLY) = 4 [pid 3637] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3637] <... futex resumed>) = 1 [pid 3637] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3637] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] <... futex resumed>) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3636] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3636] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3638], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3638 [pid 3636] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3637] sync( [pid 3636] <... futex resumed>) = 0 [pid 3636] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3638] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3638] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] <... futex resumed>) = 0 [pid 3638] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3637] <... sync resumed>) = 0 [pid 3637] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3637] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] exit_group(0) = ? [pid 3637] <... futex resumed>) = ? [pid 3638] <... futex resumed>) = ? [pid 3637] +++ exited with 0 +++ [pid 3638] +++ exited with 0 +++ [pid 3636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 53.315145][ T3637] loop0: detected capacity change from 0 to 64 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3639 attached , child_tidptr=0x5555563795d0) = 3639 [pid 3639] set_robust_list(0x5555563795e0, 24) = 0 [pid 3639] chdir("./2") = 0 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3639] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3639] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3640 attached , parent_tid=[3640], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3640 [pid 3640] set_robust_list(0x7fa6ebea99e0, 24 [pid 3639] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3640] <... set_robust_list resumed>) = 0 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3640] memfd_create("syzkaller", 0) = 3 [pid 3640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3640] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3640] close(3) = 0 [pid 3640] mkdir("./file0", 0777) = 0 [pid 3640] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3640] chdir("./file0") = 0 [pid 3640] ioctl(4, LOOP_CLR_FD) = 0 [pid 3640] close(4) = 0 [pid 3640] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3639] <... futex resumed>) = 0 [pid 3640] open(".", O_RDONLY [pid 3639] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... open resumed>) = 4 [pid 3640] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3640] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3639] <... futex resumed>) = 0 [pid 3639] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] sync( [pid 3639] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3639] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3639] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3641], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3641 [pid 3639] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] <... sync resumed>) = 0 [pid 3640] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3640] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3641 attached [pid 3641] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3641] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3641] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3639] <... futex resumed>) = 0 [pid 3641] <... futex resumed>) = 1 [pid 3641] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3639] exit_group(0 [pid 3640] <... futex resumed>) = ? [pid 3639] <... exit_group resumed>) = ? [pid 3641] <... futex resumed>) = ? [pid 3640] +++ exited with 0 +++ [pid 3641] +++ exited with 0 +++ [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 53.419982][ T3640] loop0: detected capacity change from 0 to 64 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3642 ./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x5555563795e0, 24) = 0 [pid 3642] chdir("./3") = 0 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3642] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3642] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3643 attached , parent_tid=[3643], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3643 [pid 3643] set_robust_list(0x7fa6ebea99e0, 24 [pid 3642] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... set_robust_list resumed>) = 0 [pid 3642] <... futex resumed>) = 0 [pid 3643] memfd_create("syzkaller", 0 [pid 3642] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3643] <... memfd_create resumed>) = 3 [pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3643] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] close(3) = 0 [pid 3643] mkdir("./file0", 0777) = 0 [pid 3643] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3643] chdir("./file0") = 0 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] open(".", O_RDONLY) = 4 [pid 3643] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3643] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = 0 [pid 3642] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3642] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3642] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3644], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3644 [pid 3642] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3642] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3643] <... futex resumed>) = 1 [pid 3643] sync() = 0 [pid 3643] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3643] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3644 attached [pid 3644] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3644] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3644] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3642] <... futex resumed>) = 0 [pid 3642] exit_group(0) = ? [pid 3643] <... futex resumed>) = ? [pid 3643] +++ exited with 0 +++ [pid 3644] +++ exited with 0 +++ [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 53.520684][ T3643] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] set_robust_list(0x5555563795e0, 24) = 0 [pid 3645] chdir("./4") = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3645] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3645] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3646], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3646 [pid 3645] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3646 attached ) = 0 [pid 3646] set_robust_list(0x7fa6ebea99e0, 24 [pid 3645] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3646] <... set_robust_list resumed>) = 0 [pid 3646] memfd_create("syzkaller", 0) = 3 [pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3646] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3646] close(3) = 0 [pid 3646] mkdir("./file0", 0777) = 0 [pid 3646] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3646] chdir("./file0") = 0 [pid 3646] ioctl(4, LOOP_CLR_FD) = 0 [pid 3646] close(4) = 0 [pid 3646] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... futex resumed>) = 0 [pid 3646] open(".", O_RDONLY) = 4 [pid 3646] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3645] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3645] <... futex resumed>) = 0 [pid 3646] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3645] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... mkdirat resumed>) = 0 [pid 3646] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3646] sync( [pid 3645] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3645] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3645] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3647], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3647 [pid 3645] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3645] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3646] <... sync resumed>) = 0 [pid 3646] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3646] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3647 attached [pid 3647] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3647] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3647] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3645] <... futex resumed>) = 0 [pid 3645] exit_group(0 [pid 3646] <... futex resumed>) = ? [pid 3645] <... exit_group resumed>) = ? [pid 3646] +++ exited with 0 +++ [pid 3647] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 53.609917][ T3646] loop0: detected capacity change from 0 to 64 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] set_robust_list(0x5555563795e0, 24) = 0 [pid 3648] chdir("./5") = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3648] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3648] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3649], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3648] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3649] set_robust_list(0x7fa6ebea99e0, 24 [pid 3648] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3649] <... set_robust_list resumed>) = 0 [pid 3649] memfd_create("syzkaller", 0) = 3 [pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3649] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3649] close(3) = 0 [pid 3649] mkdir("./file0", 0777) = 0 [pid 3649] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3649] chdir("./file0") = 0 [pid 3649] ioctl(4, LOOP_CLR_FD) = 0 [pid 3649] close(4) = 0 [pid 3649] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] open(".", O_RDONLY) = 4 [pid 3649] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] <... futex resumed>) = 0 [pid 3648] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3649] <... futex resumed>) = 1 [pid 3649] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3649] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3649] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3648] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3648] <... futex resumed>) = 0 [pid 3649] sync( [pid 3648] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3648] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3648] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3650 attached , parent_tid=[3650], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3650 [pid 3650] set_robust_list(0x7fa6ebe889e0, 24 [pid 3648] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3650] <... set_robust_list resumed>) = 0 [pid 3648] <... futex resumed>) = 0 [pid 3650] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3648] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3650] <... openat resumed>) = 5 [pid 3650] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3648] <... futex resumed>) = 0 [pid 3650] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3649] <... sync resumed>) = 0 [pid 3649] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3648] exit_group(0) = ? [pid 3650] <... futex resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3649] <... futex resumed>) = ? [pid 3649] +++ exited with 0 +++ [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 53.711433][ T3649] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] set_robust_list(0x5555563795e0, 24) = 0 [pid 3651] chdir("./6") = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3651] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3651] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3651] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3652 attached , parent_tid=[3652], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3652 [pid 3652] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3652] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3652] <... futex resumed>) = 0 [pid 3651] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3652] memfd_create("syzkaller", 0) = 3 [pid 3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3652] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3652] close(3) = 0 [pid 3652] mkdir("./file0", 0777) = 0 [pid 3652] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3652] chdir("./file0") = 0 [pid 3652] ioctl(4, LOOP_CLR_FD) = 0 [pid 3652] close(4) = 0 [pid 3652] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3652] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] <... futex resumed>) = 0 [pid 3652] open(".", O_RDONLY) = 4 [pid 3652] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3652] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3652] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3651] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3651] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3652] sync( [pid 3651] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3651] <... clone resumed>, parent_tid=[3653], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3653 [pid 3651] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3651] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3653] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3653] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3651] <... futex resumed>) = 0 [pid 3653] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3652] <... sync resumed>) = 0 [pid 3652] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3652] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3651] exit_group(0 [pid 3652] <... futex resumed>) = ? [pid 3651] <... exit_group resumed>) = ? [pid 3653] <... futex resumed>) = ? [pid 3652] +++ exited with 0 +++ [pid 3653] +++ exited with 0 +++ [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3654 [ 53.805353][ T3652] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 3654 attached [pid 3654] set_robust_list(0x5555563795e0, 24) = 0 [pid 3654] chdir("./7") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3654] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3655 attached [pid 3655] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3655] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3654] <... clone resumed>, parent_tid=[3655], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3655 [pid 3654] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3655] <... futex resumed>) = 0 [pid 3654] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3655] memfd_create("syzkaller", 0) = 3 [pid 3655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3655] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3655] close(3) = 0 [pid 3655] mkdir("./file0", 0777) = 0 [pid 3655] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3655] chdir("./file0") = 0 [pid 3655] ioctl(4, LOOP_CLR_FD) = 0 [pid 3655] close(4) = 0 [pid 3655] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3655] open(".", O_RDONLY [pid 3654] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3655] <... open resumed>) = 4 [pid 3655] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] <... futex resumed>) = 0 [pid 3654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3654] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3655] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3655] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3654] <... futex resumed>) = 0 [pid 3654] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3654] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3654] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3656 attached , parent_tid=[3656], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3656 [pid 3654] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3656] set_robust_list(0x7fa6ebe889e0, 24 [pid 3654] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3656] <... set_robust_list resumed>) = 0 [pid 3656] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3655] sync( [pid 3656] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3654] <... futex resumed>) = 0 [pid 3656] <... futex resumed>) = 1 [pid 3656] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3655] <... sync resumed>) = 0 [pid 3655] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3654] exit_group(0 [pid 3656] <... futex resumed>) = ? [pid 3654] <... exit_group resumed>) = ? [pid 3656] +++ exited with 0 +++ [pid 3655] +++ exited with 0 +++ [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 53.894691][ T3655] loop0: detected capacity change from 0 to 64 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] set_robust_list(0x5555563795e0, 24) = 0 [pid 3657] chdir("./8") = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3657] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3657] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3658 attached [pid 3658] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3658] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] <... clone resumed>, parent_tid=[3658], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3658 [pid 3657] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3658] <... futex resumed>) = 0 [pid 3658] memfd_create("syzkaller", 0 [pid 3657] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3658] <... memfd_create resumed>) = 3 [pid 3658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3658] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3658] close(3) = 0 [pid 3658] mkdir("./file0", 0777) = 0 [pid 3658] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3658] chdir("./file0") = 0 [pid 3658] ioctl(4, LOOP_CLR_FD) = 0 [pid 3658] close(4) = 0 [pid 3658] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3658] <... futex resumed>) = 0 [pid 3657] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] open(".", O_RDONLY) = 4 [pid 3658] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3657] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3657] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3658] <... mkdirat resumed>) = 0 [pid 3658] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3658] sync( [pid 3657] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3657] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3657] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3659], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3659 [pid 3657] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3659 attached [pid 3657] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3659] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3659] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3658] <... sync resumed>) = 0 [pid 3658] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3658] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3659] <... openat resumed>) = 5 [pid 3659] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3657] <... futex resumed>) = 0 [pid 3659] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3657] exit_group(0) = ? [pid 3658] <... futex resumed>) = ? [pid 3658] +++ exited with 0 +++ [pid 3659] <... futex resumed>) = ? [pid 3659] +++ exited with 0 +++ [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3660 ./strace-static-x86_64: Process 3660 attached [ 54.006954][ T3658] loop0: detected capacity change from 0 to 64 [pid 3660] set_robust_list(0x5555563795e0, 24) = 0 [pid 3660] chdir("./9") = 0 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3660] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3660] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3661 attached [pid 3661] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3661] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] <... clone resumed>, parent_tid=[3661], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3661 [pid 3660] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 0 [pid 3661] memfd_create("syzkaller", 0) = 3 [pid 3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3661] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3661] close(3) = 0 [pid 3661] mkdir("./file0", 0777) = 0 [pid 3661] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3661] chdir("./file0") = 0 [pid 3661] ioctl(4, LOOP_CLR_FD) = 0 [pid 3661] close(4) = 0 [pid 3661] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3661] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3660] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 0 [pid 3661] open(".", O_RDONLY) = 4 [pid 3661] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 [pid 3661] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3661] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3660] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3660] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3660] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3662], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3662 [pid 3660] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3660] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3661] <... futex resumed>) = 1 ./strace-static-x86_64: Process 3662 attached [pid 3662] set_robust_list(0x7fa6ebe889e0, 24 [pid 3661] sync( [pid 3662] <... set_robust_list resumed>) = 0 [pid 3662] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3662] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3660] <... futex resumed>) = 0 [pid 3662] <... futex resumed>) = 1 [pid 3662] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3661] <... sync resumed>) = 0 [pid 3661] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3661] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3660] exit_group(0) = ? [pid 3661] <... futex resumed>) = ? [pid 3662] <... futex resumed>) = ? [pid 3661] +++ exited with 0 +++ [pid 3662] +++ exited with 0 +++ [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 54.096255][ T3661] loop0: detected capacity change from 0 to 64 lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3663 ./strace-static-x86_64: Process 3663 attached [pid 3663] set_robust_list(0x5555563795e0, 24) = 0 [pid 3663] chdir("./10") = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3663] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3663] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x7fa6ebea99e0, 24 [pid 3663] <... clone resumed>, parent_tid=[3664], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3664 [pid 3663] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... set_robust_list resumed>) = 0 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3664] memfd_create("syzkaller", 0) = 3 [pid 3664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3664] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3664] close(3) = 0 [pid 3664] mkdir("./file0", 0777) = 0 [pid 3664] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3664] chdir("./file0") = 0 [pid 3664] ioctl(4, LOOP_CLR_FD) = 0 [pid 3664] close(4) = 0 [pid 3664] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] open(".", O_RDONLY) = 4 [pid 3664] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3664] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3664] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] sync( [pid 3663] <... futex resumed>) = 0 [pid 3663] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3663] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3663] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3665], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3665 [pid 3663] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3663] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3665 attached [pid 3665] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3665] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3664] <... sync resumed>) = 0 [pid 3664] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3665] <... openat resumed>) = 5 [pid 3665] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3663] <... futex resumed>) = 0 [pid 3663] exit_group(0 [pid 3664] <... futex resumed>) = ? [pid 3663] <... exit_group resumed>) = ? [pid 3664] +++ exited with 0 +++ [pid 3665] +++ exited with 0 +++ [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 54.189408][ T3664] loop0: detected capacity change from 0 to 64 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3666 ./strace-static-x86_64: Process 3666 attached [pid 3666] set_robust_list(0x5555563795e0, 24) = 0 [pid 3666] chdir("./11") = 0 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3666] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3666] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3667 attached [pid 3667] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3667] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] <... clone resumed>, parent_tid=[3667], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3667 [pid 3666] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3667] <... futex resumed>) = 0 [pid 3666] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3667] memfd_create("syzkaller", 0) = 3 [pid 3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3667] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3667] close(3) = 0 [pid 3667] mkdir("./file0", 0777) = 0 [pid 3667] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3667] chdir("./file0") = 0 [pid 3667] ioctl(4, LOOP_CLR_FD) = 0 [pid 3667] close(4) = 0 [pid 3667] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3667] <... futex resumed>) = 1 [pid 3666] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] open(".", O_RDONLY) = 4 [pid 3667] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3667] <... futex resumed>) = 1 [pid 3666] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3667] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3667] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] <... futex resumed>) = 0 [pid 3667] sync( [pid 3666] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3666] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3666] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3668 attached , parent_tid=[3668], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3668 [pid 3668] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3668] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3666] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3668] <... futex resumed>) = 0 [pid 3668] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3668] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3666] <... futex resumed>) = 0 [pid 3668] <... futex resumed>) = 1 [pid 3668] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3667] <... sync resumed>) = 0 [pid 3667] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3667] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3666] exit_group(0) = ? [pid 3667] <... futex resumed>) = ? [pid 3667] +++ exited with 0 +++ [pid 3668] <... futex resumed>) = ? [pid 3668] +++ exited with 0 +++ [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 54.290147][ T3667] loop0: detected capacity change from 0 to 64 rmdir("./11/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3669 attached [pid 3669] set_robust_list(0x5555563795e0, 24) = 0 [pid 3669] chdir("./12") = 0 [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3669 [pid 3669] <... prctl resumed>) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3669] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3669] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3670], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3670 [pid 3669] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3670 attached [pid 3670] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3670] memfd_create("syzkaller", 0) = 3 [pid 3670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3670] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3670] close(3) = 0 [pid 3670] mkdir("./file0", 0777) = 0 [pid 3670] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3670] chdir("./file0") = 0 [pid 3670] ioctl(4, LOOP_CLR_FD) = 0 [pid 3670] close(4) = 0 [pid 3670] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] open(".", O_RDONLY [pid 3669] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] <... open resumed>) = 4 [pid 3669] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3670] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3669] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] <... mkdirat resumed>) = 0 [pid 3669] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3670] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3669] <... futex resumed>) = 0 [pid 3669] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3670] <... futex resumed>) = 0 [pid 3669] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3670] sync( [pid 3669] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3669] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3669] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3671], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3671 [pid 3669] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3669] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3671 attached [pid 3671] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3670] <... sync resumed>) = 0 [pid 3670] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3670] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3671] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3671] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3669] <... futex resumed>) = 0 [pid 3669] exit_group(0) = ? [pid 3670] <... futex resumed>) = ? [pid 3670] +++ exited with 0 +++ [pid 3671] +++ exited with 0 +++ [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 54.381781][ T3670] loop0: detected capacity change from 0 to 64 lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3672 ./strace-static-x86_64: Process 3672 attached [pid 3672] set_robust_list(0x5555563795e0, 24) = 0 [pid 3672] chdir("./13") = 0 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3672] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3672] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3673 attached [pid 3673] set_robust_list(0x7fa6ebea99e0, 24 [pid 3672] <... clone resumed>, parent_tid=[3673], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3673 [pid 3673] <... set_robust_list resumed>) = 0 [pid 3672] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3673] memfd_create("syzkaller", 0 [pid 3672] <... futex resumed>) = 0 [pid 3673] <... memfd_create resumed>) = 3 [pid 3672] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3673] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3673] close(3) = 0 [pid 3673] mkdir("./file0", 0777) = 0 [pid 3673] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3673] chdir("./file0") = 0 [pid 3673] ioctl(4, LOOP_CLR_FD) = 0 [pid 3673] close(4) = 0 [pid 3673] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] <... futex resumed>) = 0 [pid 3672] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] <... futex resumed>) = 0 [pid 3673] open(".", O_RDONLY) = 4 [pid 3673] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3672] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3673] <... futex resumed>) = 0 [pid 3673] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3673] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3672] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3672] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3673] <... futex resumed>) = 0 [pid 3672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3673] sync( [pid 3672] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3672] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3672] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3674 attached , parent_tid=[3674], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3674 [pid 3672] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3674] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3674] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3673] <... sync resumed>) = 0 [pid 3674] <... openat resumed>) = 5 [pid 3674] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3672] <... futex resumed>) = 0 [pid 3673] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3672] exit_group(0) = ? [pid 3674] +++ exited with 0 +++ [pid 3673] +++ exited with 0 +++ [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 54.475222][ T3673] loop0: detected capacity change from 0 to 64 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3675 attached [pid 3675] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3675 [pid 3675] <... set_robust_list resumed>) = 0 [pid 3675] chdir("./14") = 0 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3675] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3675] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3676 attached , parent_tid=[3676], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3676 [pid 3675] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3676] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3676] memfd_create("syzkaller", 0) = 3 [pid 3676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3676] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3676] close(3) = 0 [pid 3676] mkdir("./file0", 0777) = 0 [pid 3676] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3676] chdir("./file0") = 0 [pid 3676] ioctl(4, LOOP_CLR_FD) = 0 [pid 3676] close(4) = 0 [pid 3676] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 1 [pid 3676] open(".", O_RDONLY) = 4 [pid 3676] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 1 [pid 3676] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3676] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3675] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3675] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3677], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3677 [pid 3675] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3675] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3676] <... futex resumed>) = 1 [pid 3676] sync(./strace-static-x86_64: Process 3677 attached [pid 3677] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3677] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3676] <... sync resumed>) = 0 [pid 3676] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3676] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3677] <... openat resumed>) = 5 [pid 3677] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3675] <... futex resumed>) = 0 [pid 3675] exit_group(0) = ? [pid 3677] <... futex resumed>) = ? [pid 3677] +++ exited with 0 +++ [pid 3676] <... futex resumed>) = ? [pid 3676] +++ exited with 0 +++ [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 54.571361][ T3676] loop0: detected capacity change from 0 to 64 lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3678 ./strace-static-x86_64: Process 3678 attached [pid 3678] set_robust_list(0x5555563795e0, 24) = 0 [pid 3678] chdir("./15") = 0 [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3678] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3678] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3679 attached , parent_tid=[3679], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3679 [pid 3679] set_robust_list(0x7fa6ebea99e0, 24 [pid 3678] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] <... set_robust_list resumed>) = 0 [pid 3678] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3679] memfd_create("syzkaller", 0) = 3 [pid 3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3679] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3679] close(3) = 0 [pid 3679] mkdir("./file0", 0777) = 0 [pid 3679] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3679] chdir("./file0") = 0 [pid 3679] ioctl(4, LOOP_CLR_FD) = 0 [pid 3679] close(4) = 0 [pid 3679] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3679] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 0 [pid 3679] open(".", O_RDONLY) = 4 [pid 3679] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3679] <... futex resumed>) = 1 [pid 3679] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3679] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3678] <... futex resumed>) = 0 [pid 3678] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3679] <... futex resumed>) = 1 [pid 3678] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3679] sync( [pid 3678] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3678] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3680], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3680 [pid 3678] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3678] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3680 attached [pid 3680] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3680] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3679] <... sync resumed>) = 0 [pid 3679] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3679] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3680] <... openat resumed>) = 5 [pid 3680] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3678] <... futex resumed>) = 0 [pid 3680] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3678] exit_group(0 [pid 3680] <... futex resumed>) = ? [pid 3679] <... futex resumed>) = ? [pid 3678] <... exit_group resumed>) = ? [pid 3680] +++ exited with 0 +++ [pid 3679] +++ exited with 0 +++ [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 54.660078][ T3679] loop0: detected capacity change from 0 to 64 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3681 attached , child_tidptr=0x5555563795d0) = 3681 [pid 3681] set_robust_list(0x5555563795e0, 24) = 0 [pid 3681] chdir("./16") = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3681] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3681] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3682 attached , parent_tid=[3682], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3682 [pid 3682] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3682] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3681] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3682] <... futex resumed>) = 0 [pid 3682] memfd_create("syzkaller", 0 [pid 3681] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3682] <... memfd_create resumed>) = 3 [pid 3682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3682] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3682] close(3) = 0 [pid 3682] mkdir("./file0", 0777) = 0 [pid 3682] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3682] chdir("./file0") = 0 [pid 3682] ioctl(4, LOOP_CLR_FD) = 0 [pid 3682] close(4) = 0 [pid 3682] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] open(".", O_RDONLY) = 4 [pid 3682] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3682] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3682] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3681] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3681] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3682] sync( [pid 3681] <... clone resumed>, parent_tid=[3683], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3683 [pid 3681] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3681] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3683 attached [pid 3683] set_robust_list(0x7fa6ebe889e0, 24 [pid 3682] <... sync resumed>) = 0 [pid 3683] <... set_robust_list resumed>) = 0 [pid 3682] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3682] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3683] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3683] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3681] <... futex resumed>) = 0 [pid 3681] exit_group(0) = ? [pid 3682] <... futex resumed>) = ? [pid 3682] +++ exited with 0 +++ [pid 3683] +++ exited with 0 +++ [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 [ 54.761255][ T3682] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3684 ./strace-static-x86_64: Process 3684 attached [pid 3684] set_robust_list(0x5555563795e0, 24) = 0 [pid 3684] chdir("./17") = 0 [pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3684] setpgid(0, 0) = 0 [pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3684] write(3, "1000", 4) = 4 [pid 3684] close(3) = 0 [pid 3684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3684] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3684] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3684] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3685], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3685 ./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3685] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3684] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] <... futex resumed>) = 0 [pid 3684] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3685] memfd_create("syzkaller", 0) = 3 [pid 3685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3685] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3685] close(3) = 0 [pid 3685] mkdir("./file0", 0777) = 0 [pid 3685] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3685] chdir("./file0") = 0 [pid 3685] ioctl(4, LOOP_CLR_FD) = 0 [pid 3685] close(4) = 0 [pid 3685] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] open(".", O_RDONLY) = 4 [pid 3685] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3685] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3685] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3684] <... futex resumed>) = 0 [pid 3684] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3684] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 3685] sync( [pid 3684] <... mprotect resumed>) = 0 [pid 3684] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3686], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3686 [pid 3684] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3686] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3686] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3684] <... futex resumed>) = 0 [pid 3686] <... futex resumed>) = 1 [pid 3686] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3685] <... sync resumed>) = 0 [pid 3685] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3684] exit_group(0) = ? [pid 3686] <... futex resumed>) = ? [pid 3686] +++ exited with 0 +++ [pid 3685] +++ exited with 0 +++ [pid 3684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 54.849217][ T3685] loop0: detected capacity change from 0 to 64 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x5555563795e0, 24) = 0 [pid 3687] chdir("./18") = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3687] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3687] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3688], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3688 [pid 3687] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3688 attached [pid 3688] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3688] memfd_create("syzkaller", 0) = 3 [pid 3688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3688] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3688] close(3) = 0 [pid 3688] mkdir("./file0", 0777) = 0 [pid 3688] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3688] chdir("./file0") = 0 [pid 3688] ioctl(4, LOOP_CLR_FD) = 0 [pid 3688] close(4) = 0 [pid 3688] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3688] open(".", O_RDONLY) = 4 [pid 3688] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3688] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3687] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3687] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3688] <... futex resumed>) = 0 [pid 3687] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3688] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3688] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3687] <... futex resumed>) = 0 [pid 3687] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3687] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3687] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3689 attached [pid 3689] set_robust_list(0x7fa6ebe889e0, 24 [pid 3687] <... clone resumed>, parent_tid=[3689], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3689 [pid 3687] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3689] <... set_robust_list resumed>) = 0 [pid 3687] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3689] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3688] sync( [pid 3689] <... openat resumed>) = 5 [pid 3689] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... futex resumed>) = 0 [pid 3689] <... futex resumed>) = 1 [ 54.946409][ T3688] loop0: detected capacity change from 0 to 64 [pid 3689] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3688] <... sync resumed>) = 0 [pid 3688] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] exit_group(0) = ? [pid 3689] <... futex resumed>) = ? [pid 3689] +++ exited with 0 +++ [pid 3688] +++ exited with 0 +++ [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3690 ./strace-static-x86_64: Process 3690 attached [pid 3690] set_robust_list(0x5555563795e0, 24) = 0 [pid 3690] chdir("./19") = 0 [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3690] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3690] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3691 attached , parent_tid=[3691], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3691 [pid 3691] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3691] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3690] <... futex resumed>) = 0 [pid 3691] memfd_create("syzkaller", 0 [pid 3690] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3691] <... memfd_create resumed>) = 3 [pid 3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3691] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3691] close(3) = 0 [pid 3691] mkdir("./file0", 0777) = 0 [pid 3691] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3691] chdir("./file0") = 0 [pid 3691] ioctl(4, LOOP_CLR_FD) = 0 [pid 3691] close(4) = 0 [pid 3691] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3691] open(".", O_RDONLY [pid 3690] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... open resumed>) = 4 [pid 3691] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3691] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3690] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3691] <... mkdirat resumed>) = 0 [pid 3691] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3691] sync( [pid 3690] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3690] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3690] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3692], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3692 [pid 3690] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3690] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3692 attached [pid 3692] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3691] <... sync resumed>) = 0 [pid 3691] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3692] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3691] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3692] <... openat resumed>) = 5 [pid 3692] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3690] <... futex resumed>) = 0 [pid 3692] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3690] exit_group(0 [pid 3692] <... futex resumed>) = ? [pid 3691] <... futex resumed>) = ? [pid 3690] <... exit_group resumed>) = ? [pid 3692] +++ exited with 0 +++ [pid 3691] +++ exited with 0 +++ [pid 3690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 55.059318][ T3691] loop0: detected capacity change from 0 to 64 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] set_robust_list(0x5555563795e0, 24) = 0 [pid 3693] chdir("./20") = 0 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3693] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3693] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3694 attached [pid 3694] set_robust_list(0x7fa6ebea99e0, 24 [pid 3693] <... clone resumed>, parent_tid=[3694], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3694 [pid 3694] <... set_robust_list resumed>) = 0 [pid 3693] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] memfd_create("syzkaller", 0 [pid 3693] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3694] <... memfd_create resumed>) = 3 [pid 3694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3694] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3694] close(3) = 0 [pid 3694] mkdir("./file0", 0777) = 0 [pid 3694] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3694] chdir("./file0") = 0 [pid 3694] ioctl(4, LOOP_CLR_FD) = 0 [pid 3694] close(4) = 0 [pid 3694] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3694] <... futex resumed>) = 0 [pid 3694] open(".", O_RDONLY [pid 3693] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... open resumed>) = 4 [pid 3694] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3694] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3694] <... futex resumed>) = 0 [pid 3694] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3694] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3693] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3693] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] sync( [pid 3693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3693] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3693] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3695], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3695 [pid 3693] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3695 attached [pid 3693] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3695] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3695] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3694] <... sync resumed>) = 0 [pid 3694] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3694] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3695] <... openat resumed>) = 5 [pid 3695] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3693] <... futex resumed>) = 0 [pid 3695] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3693] exit_group(0 [pid 3695] <... futex resumed>) = ? [pid 3694] <... futex resumed>) = ? [pid 3693] <... exit_group resumed>) = ? [pid 3694] +++ exited with 0 +++ [pid 3695] +++ exited with 0 +++ [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.178389][ T3694] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3696 ./strace-static-x86_64: Process 3696 attached [pid 3696] set_robust_list(0x5555563795e0, 24) = 0 [pid 3696] chdir("./21") = 0 [pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3696] setpgid(0, 0) = 0 [pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3696] write(3, "1000", 4) = 4 [pid 3696] close(3) = 0 [pid 3696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3696] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3696] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3696] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3697 attached , parent_tid=[3697], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3697 [pid 3697] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3697] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3697] <... futex resumed>) = 0 [pid 3696] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3697] memfd_create("syzkaller", 0) = 3 [pid 3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3697] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3697] close(3) = 0 [pid 3697] mkdir("./file0", 0777) = 0 [pid 3697] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3697] chdir("./file0") = 0 [pid 3697] ioctl(4, LOOP_CLR_FD) = 0 [pid 3697] close(4) = 0 [pid 3697] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3697] open(".", O_RDONLY [pid 3696] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... open resumed>) = 4 [pid 3697] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3697] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3696] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... mkdirat resumed>) = 0 [pid 3697] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3697] sync( [pid 3696] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3696] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3696] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3698], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3698 [pid 3696] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3696] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3697] <... sync resumed>) = 0 [pid 3697] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3698 attached [pid 3697] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3698] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3698] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3698] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3696] <... futex resumed>) = 0 [pid 3698] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3696] exit_group(0) = ? [pid 3697] <... futex resumed>) = ? [pid 3698] <... futex resumed>) = ? [pid 3697] +++ exited with 0 +++ [pid 3698] +++ exited with 0 +++ [pid 3696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 55.288174][ T3697] loop0: detected capacity change from 0 to 64 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3699 ./strace-static-x86_64: Process 3699 attached [pid 3699] set_robust_list(0x5555563795e0, 24) = 0 [pid 3699] chdir("./22") = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3699] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3699] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3700 attached , parent_tid=[3700], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3700 [pid 3700] set_robust_list(0x7fa6ebea99e0, 24 [pid 3699] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] <... set_robust_list resumed>) = 0 [pid 3699] <... futex resumed>) = 0 [pid 3699] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3700] memfd_create("syzkaller", 0) = 3 [pid 3700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3700] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3700] close(3) = 0 [pid 3700] mkdir("./file0", 0777) = 0 [pid 3700] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3700] chdir("./file0") = 0 [pid 3700] ioctl(4, LOOP_CLR_FD) = 0 [pid 3700] close(4) = 0 [pid 3700] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3699] <... futex resumed>) = 0 [pid 3700] <... futex resumed>) = 1 [pid 3699] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] open(".", O_RDONLY [pid 3699] <... futex resumed>) = 0 [pid 3700] <... open resumed>) = 4 [pid 3699] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] <... futex resumed>) = 0 [pid 3700] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3699] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3700] <... mkdirat resumed>) = 0 [pid 3700] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] <... futex resumed>) = 0 [pid 3700] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3699] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3700] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3699] <... futex resumed>) = 0 [pid 3700] sync( [pid 3699] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3699] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3699] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3701 attached , parent_tid=[3701], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3701 [pid 3701] set_robust_list(0x7fa6ebe889e0, 24 [pid 3699] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3701] <... set_robust_list resumed>) = 0 [pid 3699] <... futex resumed>) = 0 [pid 3701] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3699] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3701] <... openat resumed>) = 5 [pid 3701] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3699] <... futex resumed>) = 0 [pid 3701] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3700] <... sync resumed>) = 0 [pid 3700] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3700] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3699] exit_group(0) = ? [pid 3701] <... futex resumed>) = ? [pid 3700] <... futex resumed>) = ? [pid 3700] +++ exited with 0 +++ [pid 3701] +++ exited with 0 +++ [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.380694][ T3700] loop0: detected capacity change from 0 to 64 lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3702 ./strace-static-x86_64: Process 3702 attached [pid 3702] set_robust_list(0x5555563795e0, 24) = 0 [pid 3702] chdir("./23") = 0 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3702] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3702] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3703 attached , parent_tid=[3703], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3703 [pid 3703] set_robust_list(0x7fa6ebea99e0, 24 [pid 3702] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... set_robust_list resumed>) = 0 [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3703] memfd_create("syzkaller", 0) = 3 [pid 3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3703] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3703] close(3) = 0 [pid 3703] mkdir("./file0", 0777) = 0 [pid 3703] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3703] chdir("./file0") = 0 [pid 3703] ioctl(4, LOOP_CLR_FD) = 0 [pid 3703] close(4) = 0 [pid 3703] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3703] open(".", O_RDONLY [pid 3702] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3703] <... open resumed>) = 4 [pid 3702] <... futex resumed>) = 0 [pid 3703] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3702] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = 0 [pid 3703] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3702] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3703] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3703] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3703] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] <... futex resumed>) = 0 [pid 3702] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3702] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3703] sync( [pid 3702] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3702] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3702] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3704], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3704 [pid 3702] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3704 attached ) = 0 [pid 3704] set_robust_list(0x7fa6ebe889e0, 24 [pid 3702] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3704] <... set_robust_list resumed>) = 0 [pid 3703] <... sync resumed>) = 0 [pid 3704] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3703] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3703] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3704] <... openat resumed>) = 5 [pid 3704] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3702] <... futex resumed>) = 0 [pid 3704] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3702] exit_group(0 [pid 3703] <... futex resumed>) = ? [pid 3704] <... futex resumed>) = ? [pid 3702] <... exit_group resumed>) = ? [pid 3703] +++ exited with 0 +++ [pid 3704] +++ exited with 0 +++ [pid 3702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 55.475518][ T3703] loop0: detected capacity change from 0 to 64 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3705 ./strace-static-x86_64: Process 3705 attached [pid 3705] set_robust_list(0x5555563795e0, 24) = 0 [pid 3705] chdir("./24") = 0 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3705] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3705] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3706], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3706 [pid 3705] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3706 attached [pid 3706] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3706] memfd_create("syzkaller", 0) = 3 [pid 3706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3706] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3706] close(3) = 0 [pid 3706] mkdir("./file0", 0777) = 0 [pid 3706] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3706] chdir("./file0") = 0 [pid 3706] ioctl(4, LOOP_CLR_FD) = 0 [pid 3706] close(4) = 0 [pid 3706] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3706] <... futex resumed>) = 1 [pid 3705] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] open(".", O_RDONLY [pid 3705] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... open resumed>) = 4 [pid 3706] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3706] <... futex resumed>) = 1 [pid 3705] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3705] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... mkdirat resumed>) = 0 [pid 3706] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3705] <... futex resumed>) = 0 [pid 3706] <... futex resumed>) = 1 [pid 3705] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] sync( [pid 3705] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3705] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3705] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3707], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3707 [pid 3705] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3705] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3706] <... sync resumed>) = 0 [pid 3706] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3706] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3707] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3707] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3705] <... futex resumed>) = 0 [pid 3707] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3705] exit_group(0) = ? [pid 3706] <... futex resumed>) = ? [pid 3707] <... futex resumed>) = ? [pid 3707] +++ exited with 0 +++ [pid 3706] +++ exited with 0 +++ [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3708 [ 55.575762][ T3706] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 3708 attached [pid 3708] set_robust_list(0x5555563795e0, 24) = 0 [pid 3708] chdir("./25") = 0 [pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3708] setpgid(0, 0) = 0 [pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3708] write(3, "1000", 4) = 4 [pid 3708] close(3) = 0 [pid 3708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3708] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3708] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3708] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3709 attached , parent_tid=[3709], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3709 [pid 3709] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3709] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3708] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3709] <... futex resumed>) = 0 [pid 3708] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3709] memfd_create("syzkaller", 0) = 3 [pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3709] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3709] close(3) = 0 [pid 3709] mkdir("./file0", 0777) = 0 [pid 3709] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3709] chdir("./file0") = 0 [pid 3709] ioctl(4, LOOP_CLR_FD) = 0 [pid 3709] close(4) = 0 [pid 3709] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 1 [pid 3709] open(".", O_RDONLY) = 4 [pid 3709] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 1 [pid 3709] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3709] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3708] <... futex resumed>) = 0 [pid 3708] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3708] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3708] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3710], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3710 [pid 3708] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3708] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3709] <... futex resumed>) = 1 [pid 3709] sync() = 0 [pid 3709] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3709] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3710 attached [pid 3710] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3710] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3710] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3708] <... futex resumed>) = 0 [pid 3708] exit_group(0) = ? [pid 3710] +++ exited with 0 +++ [pid 3709] <... futex resumed>) = ? [pid 3709] +++ exited with 0 +++ [pid 3708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 55.659273][ T3709] loop0: detected capacity change from 0 to 64 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3711 ./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x5555563795e0, 24) = 0 [pid 3711] chdir("./26") = 0 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3711] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3712 attached , parent_tid=[3712], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3712 [pid 3711] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3712] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3712] memfd_create("syzkaller", 0) = 3 [pid 3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3712] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3712] close(3) = 0 [pid 3712] mkdir("./file0", 0777) = 0 [pid 3712] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3712] chdir("./file0") = 0 [pid 3712] ioctl(4, LOOP_CLR_FD) = 0 [pid 3712] close(4) = 0 [pid 3712] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] open(".", O_RDONLY [pid 3711] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... open resumed>) = 4 [pid 3712] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3711] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... mkdirat resumed>) = 0 [pid 3712] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = 0 [pid 3711] <... futex resumed>) = 1 [pid 3712] sync( [pid 3711] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3711] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3713], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3713 [pid 3711] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3713 attached [pid 3713] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3713] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3713] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... sync resumed>) = 0 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] exit_group(0 [pid 3712] ????( [pid 3711] <... exit_group resumed>) = ? [pid 3712] <... ???? resumed>) = ? [pid 3712] +++ exited with 0 +++ [pid 3713] <... futex resumed>) = ? [pid 3713] +++ exited with 0 +++ [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 55.746551][ T3712] loop0: detected capacity change from 0 to 64 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3714 ./strace-static-x86_64: Process 3714 attached [pid 3714] set_robust_list(0x5555563795e0, 24) = 0 [pid 3714] chdir("./27") = 0 [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3714] setpgid(0, 0) = 0 [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3714] write(3, "1000", 4) = 4 [pid 3714] close(3) = 0 [pid 3714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3714] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3714] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3714] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3715 attached [pid 3715] set_robust_list(0x7fa6ebea99e0, 24 [pid 3714] <... clone resumed>, parent_tid=[3715], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3715 [pid 3715] <... set_robust_list resumed>) = 0 [pid 3714] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] memfd_create("syzkaller", 0 [pid 3714] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3715] <... memfd_create resumed>) = 3 [pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3715] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3715] close(3) = 0 [pid 3715] mkdir("./file0", 0777) = 0 [pid 3715] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3715] chdir("./file0") = 0 [pid 3715] ioctl(4, LOOP_CLR_FD) = 0 [pid 3715] close(4) = 0 [pid 3715] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] open(".", O_RDONLY) = 4 [pid 3715] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3715] <... futex resumed>) = 1 [pid 3715] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3715] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3714] <... futex resumed>) = 0 [pid 3714] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3714] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3714] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3716 attached , parent_tid=[3716], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3716 [pid 3715] <... futex resumed>) = 1 [pid 3714] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3715] sync( [pid 3714] <... futex resumed>) = 0 [pid 3716] set_robust_list(0x7fa6ebe889e0, 24 [pid 3714] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3716] <... set_robust_list resumed>) = 0 [pid 3716] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3715] <... sync resumed>) = 0 [pid 3715] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3715] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3716] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3714] <... futex resumed>) = 0 [pid 3714] exit_group(0 [pid 3715] <... futex resumed>) = ? [pid 3714] <... exit_group resumed>) = ? [pid 3715] +++ exited with 0 +++ [pid 3716] +++ exited with 0 +++ [pid 3714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 55.837250][ T3715] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3717 ./strace-static-x86_64: Process 3717 attached [pid 3717] set_robust_list(0x5555563795e0, 24) = 0 [pid 3717] chdir("./28") = 0 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3717] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3717] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3718], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3718 [pid 3717] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3718 attached [pid 3718] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3718] memfd_create("syzkaller", 0) = 3 [pid 3718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3718] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3718] close(3) = 0 [pid 3718] mkdir("./file0", 0777) = 0 [pid 3718] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3718] chdir("./file0") = 0 [pid 3718] ioctl(4, LOOP_CLR_FD) = 0 [pid 3718] close(4) = 0 [pid 3718] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 1 [pid 3718] open(".", O_RDONLY) = 4 [pid 3718] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 1 [pid 3718] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3718] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3717] <... futex resumed>) = 0 [pid 3717] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3717] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3717] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3719], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3719 [pid 3717] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3717] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3718] <... futex resumed>) = 1 [pid 3718] sync(./strace-static-x86_64: Process 3719 attached [pid 3719] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3718] <... sync resumed>) = 0 [pid 3718] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3719] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3718] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3719] <... openat resumed>) = 5 [pid 3719] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3717] <... futex resumed>) = 0 [pid 3717] exit_group(0) = ? [pid 3718] <... futex resumed>) = ? [pid 3718] +++ exited with 0 +++ [pid 3719] +++ exited with 0 +++ [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3720 ./strace-static-x86_64: Process 3720 attached [pid 3720] set_robust_list(0x5555563795e0, 24) = 0 [pid 3720] chdir("./29") = 0 [ 55.916139][ T3718] loop0: detected capacity change from 0 to 64 [pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3720] setpgid(0, 0) = 0 [pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3720] write(3, "1000", 4) = 4 [pid 3720] close(3) = 0 [pid 3720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3720] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3720] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3720] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3721], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3721 [pid 3720] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3721 attached [pid 3721] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3721] memfd_create("syzkaller", 0) = 3 [pid 3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3721] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3721] close(3) = 0 [pid 3721] mkdir("./file0", 0777) = 0 [pid 3721] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3721] chdir("./file0") = 0 [pid 3721] ioctl(4, LOOP_CLR_FD) = 0 [pid 3721] close(4) = 0 [pid 3721] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... futex resumed>) = 1 [pid 3721] open(".", O_RDONLY) = 4 [pid 3721] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3721] <... futex resumed>) = 1 [pid 3721] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3721] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3720] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3720] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3722 attached [pid 3722] set_robust_list(0x7fa6ebe889e0, 24 [pid 3720] <... clone resumed>, parent_tid=[3722], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3722 [pid 3722] <... set_robust_list resumed>) = 0 [pid 3720] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3722] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3720] <... futex resumed>) = 0 [pid 3720] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3722] <... openat resumed>) = 5 [pid 3722] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3720] <... futex resumed>) = 0 [pid 3722] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3721] <... futex resumed>) = 1 [pid 3721] sync() = 0 [pid 3721] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3721] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3720] exit_group(0 [pid 3721] <... futex resumed>) = ? [pid 3722] <... futex resumed>) = ? [pid 3720] <... exit_group resumed>) = ? [pid 3721] +++ exited with 0 +++ [pid 3722] +++ exited with 0 +++ [pid 3720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 55.993707][ T3721] loop0: detected capacity change from 0 to 64 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3723 ./strace-static-x86_64: Process 3723 attached [pid 3723] set_robust_list(0x5555563795e0, 24) = 0 [pid 3723] chdir("./30") = 0 [pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3723] setpgid(0, 0) = 0 [pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3723] write(3, "1000", 4) = 4 [pid 3723] close(3) = 0 [pid 3723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3723] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3723] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3723] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3724 attached , parent_tid=[3724], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3724 [pid 3723] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3724] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3724] memfd_create("syzkaller", 0) = 3 [pid 3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3724] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3724] close(3) = 0 [pid 3724] mkdir("./file0", 0777) = 0 [pid 3724] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3724] chdir("./file0") = 0 [pid 3724] ioctl(4, LOOP_CLR_FD) = 0 [pid 3724] close(4) = 0 [pid 3724] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3723] <... futex resumed>) = 0 [pid 3724] open(".", O_RDONLY [pid 3723] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] <... open resumed>) = 4 [pid 3723] <... futex resumed>) = 0 [pid 3724] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] <... futex resumed>) = 0 [pid 3723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3724] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3723] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3724] <... mkdirat resumed>) = 0 [pid 3723] <... futex resumed>) = 0 [pid 3724] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3724] <... futex resumed>) = 0 [pid 3723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3724] sync( [pid 3723] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3723] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3723] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3725], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3725 [pid 3723] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3723] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3725 attached [pid 3725] set_robust_list(0x7fa6ebe889e0, 24 [pid 3724] <... sync resumed>) = 0 [pid 3724] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3725] <... set_robust_list resumed>) = 0 [pid 3724] <... futex resumed>) = 0 [pid 3724] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3725] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3725] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3723] <... futex resumed>) = 0 [pid 3723] exit_group(0 [pid 3724] <... futex resumed>) = ? [pid 3723] <... exit_group resumed>) = ? [pid 3724] +++ exited with 0 +++ [pid 3725] <... futex resumed>) = ? [pid 3725] +++ exited with 0 +++ [pid 3723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 56.084267][ T3724] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached [pid 3726] set_robust_list(0x5555563795e0, 24) = 0 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3726 [pid 3726] chdir("./31") = 0 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3726] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3726] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3726] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3727], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3727 [pid 3726] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3727 attached [pid 3727] set_robust_list(0x7fa6ebea99e0, 24 [pid 3726] <... futex resumed>) = 0 [pid 3727] <... set_robust_list resumed>) = 0 [pid 3726] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3727] memfd_create("syzkaller", 0) = 3 [pid 3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3727] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3727] close(3) = 0 [pid 3727] mkdir("./file0", 0777) = 0 [pid 3727] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3727] chdir("./file0") = 0 [pid 3727] ioctl(4, LOOP_CLR_FD) = 0 [pid 3727] close(4) = 0 [pid 3727] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3727] <... futex resumed>) = 0 [pid 3727] open(".", O_RDONLY [pid 3726] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... open resumed>) = 4 [pid 3727] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... futex resumed>) = 1 [pid 3727] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3727] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3726] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3726] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3726] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3728], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3728 [pid 3726] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3727] <... futex resumed>) = 1 [pid 3727] sync(./strace-static-x86_64: Process 3728 attached [pid 3728] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3728] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3728] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3726] <... futex resumed>) = 0 [pid 3728] <... futex resumed>) = 1 [pid 3728] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3727] <... sync resumed>) = 0 [pid 3727] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3726] exit_group(0) = ? [pid 3727] +++ exited with 0 +++ [pid 3728] <... futex resumed>) = ? [pid 3728] +++ exited with 0 +++ [pid 3726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 [ 56.182012][ T3727] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3729 ./strace-static-x86_64: Process 3729 attached [pid 3729] set_robust_list(0x5555563795e0, 24) = 0 [pid 3729] chdir("./32") = 0 [pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3729] setpgid(0, 0) = 0 [pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3729] write(3, "1000", 4) = 4 [pid 3729] close(3) = 0 [pid 3729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3729] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3729] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3729] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3730 attached , parent_tid=[3730], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3730 [pid 3729] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3730] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3730] memfd_create("syzkaller", 0) = 3 [pid 3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3730] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3730] close(3) = 0 [pid 3730] mkdir("./file0", 0777) = 0 [pid 3730] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3730] chdir("./file0") = 0 [pid 3730] ioctl(4, LOOP_CLR_FD) = 0 [pid 3730] close(4) = 0 [pid 3730] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3729] <... futex resumed>) = 0 [pid 3730] open(".", O_RDONLY [pid 3729] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] <... open resumed>) = 4 [pid 3729] <... futex resumed>) = 0 [pid 3730] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... futex resumed>) = 0 [pid 3729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3730] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3729] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] <... mkdirat resumed>) = 0 [pid 3729] <... futex resumed>) = 0 [pid 3730] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] <... futex resumed>) = 0 [pid 3729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3730] sync( [pid 3729] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3729] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3729] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3731], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3731 [pid 3730] <... sync resumed>) = 0 [pid 3729] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3730] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3730] <... futex resumed>) = 0 [pid 3729] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3730] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3731 attached [pid 3731] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3731] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3731] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3729] <... futex resumed>) = 0 [pid 3731] <... futex resumed>) = 1 [pid 3731] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3729] exit_group(0 [pid 3730] <... futex resumed>) = ? [pid 3731] <... futex resumed>) = ? [pid 3729] <... exit_group resumed>) = ? [pid 3730] +++ exited with 0 +++ [pid 3731] +++ exited with 0 +++ [pid 3729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 56.268264][ T3730] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x5555563795e0, 24) = 0 [pid 3732] chdir("./33") = 0 [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3732] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3732] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x7fa6ebea99e0, 24 [pid 3732] <... clone resumed>, parent_tid=[3733], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3733 [pid 3733] <... set_robust_list resumed>) = 0 [pid 3732] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] memfd_create("syzkaller", 0 [pid 3732] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3733] <... memfd_create resumed>) = 3 [pid 3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3733] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3733] close(3) = 0 [pid 3733] mkdir("./file0", 0777) = 0 [pid 3733] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3733] chdir("./file0") = 0 [pid 3733] ioctl(4, LOOP_CLR_FD) = 0 [pid 3733] close(4) = 0 [pid 3733] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3732] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 0 [pid 3733] open(".", O_RDONLY) = 4 [pid 3733] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3733] <... futex resumed>) = 1 [pid 3733] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3733] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3732] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] <... futex resumed>) = 1 [pid 3732] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] sync( [pid 3732] <... futex resumed>) = 0 [pid 3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3732] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3732] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3734], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3734 [pid 3732] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3732] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3734 attached [pid 3734] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3734] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3733] <... sync resumed>) = 0 [pid 3734] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3732] <... futex resumed>) = 0 [pid 3734] <... futex resumed>) = 1 [pid 3734] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] exit_group(0 [pid 3734] <... futex resumed>) = ? [pid 3733] <... futex resumed>) = ? [pid 3732] <... exit_group resumed>) = ? [pid 3734] +++ exited with 0 +++ [pid 3733] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 56.345479][ T3733] loop0: detected capacity change from 0 to 64 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3735 ./strace-static-x86_64: Process 3735 attached [pid 3735] set_robust_list(0x5555563795e0, 24) = 0 [pid 3735] chdir("./34") = 0 [pid 3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3735] setpgid(0, 0) = 0 [pid 3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3735] write(3, "1000", 4) = 4 [pid 3735] close(3) = 0 [pid 3735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3735] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3735] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3735] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3736], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3736 [pid 3735] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3736 attached [pid 3736] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3736] memfd_create("syzkaller", 0) = 3 [pid 3736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3736] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3736] close(3) = 0 [pid 3736] mkdir("./file0", 0777) = 0 [pid 3736] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3736] chdir("./file0") = 0 [pid 3736] ioctl(4, LOOP_CLR_FD) = 0 [pid 3736] close(4) = 0 [pid 3736] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3736] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] <... futex resumed>) = 0 [pid 3735] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3736] <... futex resumed>) = 0 [pid 3735] <... futex resumed>) = 1 [pid 3735] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] open(".", O_RDONLY) = 4 [pid 3736] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3735] <... futex resumed>) = 0 [pid 3736] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3736] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3736] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3735] <... futex resumed>) = 0 [pid 3736] sync( [pid 3735] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3735] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3735] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3737], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3737 [pid 3735] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3737 attached ) = 0 [pid 3737] set_robust_list(0x7fa6ebe889e0, 24 [pid 3735] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3737] <... set_robust_list resumed>) = 0 [pid 3737] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3737] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3735] <... futex resumed>) = 0 [pid 3737] <... futex resumed>) = 1 [pid 3737] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3736] <... sync resumed>) = 0 [pid 3736] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3736] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3735] exit_group(0) = ? [pid 3737] <... futex resumed>) = ? [pid 3737] +++ exited with 0 +++ [pid 3736] <... futex resumed>) = ? [pid 3736] +++ exited with 0 +++ [pid 3735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 56.442904][ T3736] loop0: detected capacity change from 0 to 64 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3738 ./strace-static-x86_64: Process 3738 attached [pid 3738] set_robust_list(0x5555563795e0, 24) = 0 [pid 3738] chdir("./35") = 0 [pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3738] setpgid(0, 0) = 0 [pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3738] write(3, "1000", 4) = 4 [pid 3738] close(3) = 0 [pid 3738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3738] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3738] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3738] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3739], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3739 [pid 3738] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3739 attached [pid 3739] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3739] memfd_create("syzkaller", 0) = 3 [pid 3739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3739] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3739] close(3) = 0 [pid 3739] mkdir("./file0", 0777) = 0 [pid 3739] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3739] chdir("./file0") = 0 [pid 3739] ioctl(4, LOOP_CLR_FD) = 0 [pid 3739] close(4) = 0 [pid 3739] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3738] <... futex resumed>) = 0 [pid 3739] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3738] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3739] open(".", O_RDONLY) = 4 [pid 3739] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3739] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3739] <... mkdirat resumed>) = 0 [pid 3739] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3738] <... futex resumed>) = 0 [pid 3738] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] sync( [pid 3738] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3738] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3738] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3740], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3740 [pid 3738] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3738] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3740 attached [pid 3740] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3740] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3740] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3738] <... futex resumed>) = 0 [pid 3740] <... futex resumed>) = 1 [pid 3740] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3739] <... sync resumed>) = 0 [pid 3739] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3739] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3738] exit_group(0 [pid 3739] <... futex resumed>) = ? [pid 3738] <... exit_group resumed>) = ? [pid 3740] <... futex resumed>) = ? [pid 3740] +++ exited with 0 +++ [pid 3739] +++ exited with 0 +++ [pid 3738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 56.543188][ T3739] loop0: detected capacity change from 0 to 64 rmdir("./35/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3741 ./strace-static-x86_64: Process 3741 attached [pid 3741] set_robust_list(0x5555563795e0, 24) = 0 [pid 3741] chdir("./36") = 0 [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3741] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3741] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3741] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3742 attached , parent_tid=[3742], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3742 [pid 3742] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3742] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3742] <... futex resumed>) = 0 [pid 3742] memfd_create("syzkaller", 0 [pid 3741] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3742] <... memfd_create resumed>) = 3 [pid 3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3742] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3742] close(3) = 0 [pid 3742] mkdir("./file0", 0777) = 0 [pid 3742] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3742] chdir("./file0") = 0 [pid 3742] ioctl(4, LOOP_CLR_FD) = 0 [pid 3742] close(4) = 0 [pid 3742] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] open(".", O_RDONLY) = 4 [pid 3742] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3742] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3741] <... futex resumed>) = 0 [pid 3741] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3741] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3741] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3743 attached [pid 3743] set_robust_list(0x7fa6ebe889e0, 24 [pid 3741] <... clone resumed>, parent_tid=[3743], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3743 [pid 3743] <... set_robust_list resumed>) = 0 [pid 3743] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3741] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3741] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3742] <... futex resumed>) = 1 [pid 3743] <... openat resumed>) = 5 [pid 3743] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3742] sync( [pid 3743] <... futex resumed>) = 1 [pid 3741] <... futex resumed>) = 0 [pid 3743] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3742] <... sync resumed>) = 0 [pid 3742] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3742] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3741] exit_group(0 [pid 3743] <... futex resumed>) = ? [pid 3741] <... exit_group resumed>) = ? [pid 3742] <... futex resumed>) = ? [pid 3743] +++ exited with 0 +++ [pid 3742] +++ exited with 0 +++ [pid 3741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 56.635509][ T3742] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3744 ./strace-static-x86_64: Process 3744 attached [pid 3744] set_robust_list(0x5555563795e0, 24) = 0 [pid 3744] chdir("./37") = 0 [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3744] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3744] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3744] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3745 attached [pid 3745] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3745] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3744] <... clone resumed>, parent_tid=[3745], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3745 [pid 3744] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3745] <... futex resumed>) = 0 [pid 3744] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3745] memfd_create("syzkaller", 0) = 3 [pid 3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3745] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3745] close(3) = 0 [pid 3745] mkdir("./file0", 0777) = 0 [pid 3745] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3745] chdir("./file0") = 0 [pid 3745] ioctl(4, LOOP_CLR_FD) = 0 [pid 3745] close(4) = 0 [pid 3745] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 1 [pid 3745] open(".", O_RDONLY) = 4 [pid 3745] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 1 [pid 3745] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3745] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] <... futex resumed>) = 0 [pid 3744] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3744] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3744] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3746], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3746 [pid 3744] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3744] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3745] <... futex resumed>) = 1 [pid 3745] sync(./strace-static-x86_64: Process 3746 attached [pid 3746] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3746] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3746] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3744] <... futex resumed>) = 0 [pid 3746] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3745] <... sync resumed>) = 0 [pid 3745] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3744] exit_group(0 [pid 3746] <... futex resumed>) = ? [pid 3744] <... exit_group resumed>) = ? [pid 3746] +++ exited with 0 +++ [pid 3745] <... futex resumed>) = ? [pid 3745] +++ exited with 0 +++ [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3747 ./strace-static-x86_64: Process 3747 attached [ 56.718760][ T3745] loop0: detected capacity change from 0 to 64 [pid 3747] set_robust_list(0x5555563795e0, 24) = 0 [pid 3747] chdir("./38") = 0 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3747] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3747] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3748], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3748 ./strace-static-x86_64: Process 3748 attached [pid 3747] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] set_robust_list(0x7fa6ebea99e0, 24 [pid 3747] <... futex resumed>) = 0 [pid 3748] <... set_robust_list resumed>) = 0 [pid 3747] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3748] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3748] close(3) = 0 [pid 3748] mkdir("./file0", 0777) = 0 [pid 3748] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3748] chdir("./file0") = 0 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3748] open(".", O_RDONLY [pid 3747] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] <... open resumed>) = 4 [pid 3748] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3747] <... futex resumed>) = 0 [pid 3748] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3747] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... mkdirat resumed>) = 0 [pid 3747] <... futex resumed>) = 0 [pid 3747] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3748] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3748] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3747] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3747] <... futex resumed>) = 0 [pid 3748] sync( [pid 3747] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3747] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3747] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3749 attached , parent_tid=[3749], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3749 [pid 3747] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3749] set_robust_list(0x7fa6ebe889e0, 24 [pid 3747] <... futex resumed>) = 0 [pid 3749] <... set_robust_list resumed>) = 0 [pid 3747] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3749] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3748] <... sync resumed>) = 0 [pid 3748] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3748] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3749] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3747] <... futex resumed>) = 0 [pid 3747] exit_group(0) = ? [pid 3748] <... futex resumed>) = ? [pid 3748] +++ exited with 0 +++ [pid 3749] <... futex resumed>) = ? [pid 3749] +++ exited with 0 +++ [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 [ 56.796517][ T3748] loop0: detected capacity change from 0 to 64 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3750 ./strace-static-x86_64: Process 3750 attached [pid 3750] set_robust_list(0x5555563795e0, 24) = 0 [pid 3750] chdir("./39") = 0 [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3750] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3750] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3750] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3751 attached [pid 3751] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3751] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3750] <... clone resumed>, parent_tid=[3751], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3751 [pid 3750] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3751] <... futex resumed>) = 0 [pid 3750] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3751] memfd_create("syzkaller", 0) = 3 [pid 3751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3751] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3751] close(3) = 0 [pid 3751] mkdir("./file0", 0777) = 0 [pid 3751] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3751] chdir("./file0") = 0 [pid 3751] ioctl(4, LOOP_CLR_FD) = 0 [pid 3751] close(4) = 0 [pid 3751] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = 1 [pid 3751] open(".", O_RDONLY) = 4 [pid 3751] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = 1 [pid 3751] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3751] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3750] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3750] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3752], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3752 [pid 3750] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3750] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3751] <... futex resumed>) = 1 [pid 3751] sync() = 0 ./strace-static-x86_64: Process 3752 attached [pid 3751] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3751] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3752] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3752] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3752] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3750] <... futex resumed>) = 0 [pid 3750] exit_group(0) = ? [pid 3752] <... futex resumed>) = ? [pid 3752] +++ exited with 0 +++ [pid 3751] <... futex resumed>) = ? [pid 3751] +++ exited with 0 +++ [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 56.898760][ T3751] loop0: detected capacity change from 0 to 64 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3753 ./strace-static-x86_64: Process 3753 attached [pid 3753] set_robust_list(0x5555563795e0, 24) = 0 [pid 3753] chdir("./40") = 0 [pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3753] setpgid(0, 0) = 0 [pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3753] write(3, "1000", 4) = 4 [pid 3753] close(3) = 0 [pid 3753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3753] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3753] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3754], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3754 ./strace-static-x86_64: Process 3754 attached [pid 3753] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3754] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3754] memfd_create("syzkaller", 0) = 3 [pid 3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3754] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3754] close(3) = 0 [pid 3754] mkdir("./file0", 0777) = 0 [pid 3754] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3754] chdir("./file0") = 0 [pid 3754] ioctl(4, LOOP_CLR_FD) = 0 [pid 3754] close(4) = 0 [pid 3754] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] open(".", O_RDONLY) = 4 [pid 3754] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3753] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3754] <... mkdirat resumed>) = 0 [pid 3754] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3753] <... futex resumed>) = 0 [pid 3753] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3754] sync( [pid 3753] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3753] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3753] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3755], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3755 [pid 3753] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3753] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3755 attached [pid 3755] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3755] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3755] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3753] <... futex resumed>) = 0 [pid 3755] <... futex resumed>) = 1 [pid 3755] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3754] <... sync resumed>) = 0 [pid 3754] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3754] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3753] exit_group(0) = ? [pid 3754] <... futex resumed>) = ? [pid 3755] <... futex resumed>) = ? [pid 3755] +++ exited with 0 +++ [pid 3754] +++ exited with 0 +++ [pid 3753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 56.991455][ T3754] loop0: detected capacity change from 0 to 64 rmdir("./40/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3756 ./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x5555563795e0, 24) = 0 [pid 3756] chdir("./41") = 0 [pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3756] setpgid(0, 0) = 0 [pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3756] write(3, "1000", 4) = 4 [pid 3756] close(3) = 0 [pid 3756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3756] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3756] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3756] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3757 attached [pid 3757] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3757] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] <... clone resumed>, parent_tid=[3757], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3757 [pid 3756] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3757] <... futex resumed>) = 0 [pid 3756] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3757] memfd_create("syzkaller", 0) = 3 [pid 3757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3757] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3757] close(3) = 0 [pid 3757] mkdir("./file0", 0777) = 0 [pid 3757] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3757] chdir("./file0") = 0 [pid 3757] ioctl(4, LOOP_CLR_FD) = 0 [pid 3757] close(4) = 0 [pid 3757] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3756] <... futex resumed>) = 0 [pid 3757] <... futex resumed>) = 1 [pid 3757] open(".", O_RDONLY [pid 3756] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3757] <... open resumed>) = 4 [pid 3756] <... futex resumed>) = 0 [pid 3757] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3756] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3756] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3757] <... futex resumed>) = 1 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 3757] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3757] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3756] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3756] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3758 attached , parent_tid=[3758], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3758 [pid 3756] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3758] set_robust_list(0x7fa6ebe889e0, 24 [pid 3756] <... futex resumed>) = 0 [pid 3756] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3758] <... set_robust_list resumed>) = 0 [pid 3758] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3757] sync( [pid 3758] <... openat resumed>) = 5 [pid 3758] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3756] <... futex resumed>) = 0 [pid 3758] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3757] <... sync resumed>) = 0 [pid 3757] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3757] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] exit_group(0) = ? [pid 3758] <... futex resumed>) = ? [pid 3758] +++ exited with 0 +++ [pid 3757] <... futex resumed>) = ? [pid 3757] +++ exited with 0 +++ [pid 3756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 57.084791][ T3757] loop0: detected capacity change from 0 to 64 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3759 ./strace-static-x86_64: Process 3759 attached [pid 3759] set_robust_list(0x5555563795e0, 24) = 0 [pid 3759] chdir("./42") = 0 [pid 3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3759] setpgid(0, 0) = 0 [pid 3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3759] write(3, "1000", 4) = 4 [pid 3759] close(3) = 0 [pid 3759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3759] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3759] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3759] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3760 attached [pid 3760] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3760] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3759] <... clone resumed>, parent_tid=[3760], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3760 [pid 3759] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3760] <... futex resumed>) = 0 [pid 3759] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3760] memfd_create("syzkaller", 0) = 3 [pid 3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3760] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3760] close(3) = 0 [pid 3760] mkdir("./file0", 0777) = 0 [pid 3760] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3760] chdir("./file0") = 0 [pid 3760] ioctl(4, LOOP_CLR_FD) = 0 [pid 3760] close(4) = 0 [pid 3760] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] open(".", O_RDONLY) = 4 [pid 3760] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3760] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3760] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3759] <... futex resumed>) = 0 [pid 3759] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3760] sync( [pid 3759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3759] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3759] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3761], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3761 ./strace-static-x86_64: Process 3761 attached [pid 3759] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3759] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3761] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3761] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3760] <... sync resumed>) = 0 [pid 3760] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3761] <... openat resumed>) = 5 [pid 3761] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3760] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3761] <... futex resumed>) = 1 [pid 3759] <... futex resumed>) = 0 [pid 3761] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3759] exit_group(0) = ? [pid 3760] <... futex resumed>) = ? [pid 3761] <... futex resumed>) = ? [pid 3760] +++ exited with 0 +++ [pid 3761] +++ exited with 0 +++ [pid 3759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 [ 57.176384][ T3760] loop0: detected capacity change from 0 to 64 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3762 ./strace-static-x86_64: Process 3762 attached [pid 3762] set_robust_list(0x5555563795e0, 24) = 0 [pid 3762] chdir("./43") = 0 [pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3762] setpgid(0, 0) = 0 [pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3762] write(3, "1000", 4) = 4 [pid 3762] close(3) = 0 [pid 3762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3762] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3762] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3762] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3763], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3763 [pid 3762] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3763 attached [pid 3763] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3763] memfd_create("syzkaller", 0) = 3 [pid 3763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3763] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3763] close(3) = 0 [pid 3763] mkdir("./file0", 0777) = 0 [pid 3763] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3763] chdir("./file0") = 0 [pid 3763] ioctl(4, LOOP_CLR_FD) = 0 [pid 3763] close(4) = 0 [pid 3763] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3762] <... futex resumed>) = 0 [pid 3763] <... futex resumed>) = 1 [pid 3762] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3763] open(".", O_RDONLY [pid 3762] <... futex resumed>) = 0 [pid 3763] <... open resumed>) = 4 [pid 3762] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3763] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3763] <... futex resumed>) = 0 [pid 3762] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3763] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3762] <... futex resumed>) = 0 [pid 3762] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3763] <... mkdirat resumed>) = 0 [pid 3763] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3762] <... futex resumed>) = 0 [pid 3763] <... futex resumed>) = 1 [pid 3762] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3763] sync( [pid 3762] <... futex resumed>) = 0 [pid 3762] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3762] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3762] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3764 attached , parent_tid=[3764], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3764 [pid 3762] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3762] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3764] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3763] <... sync resumed>) = 0 [pid 3763] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3763] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3764] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3764] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3762] <... futex resumed>) = 0 [pid 3762] exit_group(0 [pid 3763] <... futex resumed>) = ? [pid 3762] <... exit_group resumed>) = ? [pid 3763] +++ exited with 0 +++ [pid 3764] +++ exited with 0 +++ [pid 3762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.275378][ T3763] loop0: detected capacity change from 0 to 64 lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3765 ./strace-static-x86_64: Process 3765 attached [pid 3765] set_robust_list(0x5555563795e0, 24) = 0 [pid 3765] chdir("./44") = 0 [pid 3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3765] setpgid(0, 0) = 0 [pid 3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3765] write(3, "1000", 4) = 4 [pid 3765] close(3) = 0 [pid 3765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3765] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3765] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3765] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3766], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3766 [pid 3765] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3765] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3766 attached [pid 3766] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3766] memfd_create("syzkaller", 0) = 3 [pid 3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3766] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3766] close(3) = 0 [pid 3766] mkdir("./file0", 0777) = 0 [pid 3766] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3766] chdir("./file0") = 0 [pid 3766] ioctl(4, LOOP_CLR_FD) = 0 [pid 3766] close(4) = 0 [pid 3766] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3766] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3765] <... futex resumed>) = 0 [pid 3765] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3766] <... futex resumed>) = 0 [pid 3766] open(".", O_RDONLY) = 4 [pid 3766] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3766] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3765] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3765] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3766] <... futex resumed>) = 0 [pid 3765] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3766] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3766] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3766] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3765] <... futex resumed>) = 0 [pid 3765] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3765] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3765] <... futex resumed>) = 0 [pid 3766] sync( [pid 3765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3765] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3765] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3767], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3767 [pid 3765] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3765] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3767 attached [pid 3767] set_robust_list(0x7fa6ebe889e0, 24 [pid 3766] <... sync resumed>) = 0 [pid 3766] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3766] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3767] <... set_robust_list resumed>) = 0 [pid 3767] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3767] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3765] <... futex resumed>) = 0 [pid 3765] exit_group(0) = ? [pid 3766] <... futex resumed>) = ? [pid 3766] +++ exited with 0 +++ [pid 3767] +++ exited with 0 +++ [pid 3765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 57.369501][ T3766] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3768 ./strace-static-x86_64: Process 3768 attached [pid 3768] set_robust_list(0x5555563795e0, 24) = 0 [pid 3768] chdir("./45") = 0 [pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3768] setpgid(0, 0) = 0 [pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3768] write(3, "1000", 4) = 4 [pid 3768] close(3) = 0 [pid 3768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3768] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3768] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3768] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3769], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3769 ./strace-static-x86_64: Process 3769 attached [pid 3769] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3769] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3768] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3768] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3769] <... futex resumed>) = 0 [pid 3769] memfd_create("syzkaller", 0) = 3 [pid 3769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3769] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3769] close(3) = 0 [pid 3769] mkdir("./file0", 0777) = 0 [pid 3769] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3769] chdir("./file0") = 0 [pid 3769] ioctl(4, LOOP_CLR_FD) = 0 [pid 3769] close(4) = 0 [pid 3769] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3768] <... futex resumed>) = 0 [pid 3769] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3768] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3769] <... futex resumed>) = 0 [pid 3768] <... futex resumed>) = 1 [pid 3769] open(".", O_RDONLY) = 4 [pid 3768] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3769] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3769] <... futex resumed>) = 0 [pid 3768] <... futex resumed>) = 1 [pid 3769] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3768] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3769] <... mkdirat resumed>) = 0 [pid 3769] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3768] <... futex resumed>) = 0 [pid 3769] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3768] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3768] <... futex resumed>) = 0 [pid 3768] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3769] sync( [pid 3768] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3768] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3768] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3770 attached , parent_tid=[3770], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3770 [pid 3768] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3768] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3770] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3770] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3769] <... sync resumed>) = 0 [pid 3769] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3769] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3770] <... openat resumed>) = 5 [pid 3770] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3768] <... futex resumed>) = 0 [pid 3770] <... futex resumed>) = 1 [pid 3768] exit_group(0 [pid 3769] <... futex resumed>) = ? [pid 3768] <... exit_group resumed>) = ? [pid 3770] +++ exited with 0 +++ [pid 3769] +++ exited with 0 +++ [pid 3768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 57.477383][ T3769] loop0: detected capacity change from 0 to 64 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3771 ./strace-static-x86_64: Process 3771 attached [pid 3771] set_robust_list(0x5555563795e0, 24) = 0 [pid 3771] chdir("./46") = 0 [pid 3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3771] setpgid(0, 0) = 0 [pid 3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3771] write(3, "1000", 4) = 4 [pid 3771] close(3) = 0 [pid 3771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3771] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3771] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3771] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3772 attached , parent_tid=[3772], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3772 [pid 3772] set_robust_list(0x7fa6ebea99e0, 24 [pid 3771] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] <... set_robust_list resumed>) = 0 [pid 3771] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3772] memfd_create("syzkaller", 0) = 3 [pid 3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3772] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3772] close(3) = 0 [pid 3772] mkdir("./file0", 0777) = 0 [pid 3772] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3772] chdir("./file0") = 0 [pid 3772] ioctl(4, LOOP_CLR_FD) = 0 [pid 3772] close(4) = 0 [pid 3772] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3772] open(".", O_RDONLY [pid 3771] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... open resumed>) = 4 [pid 3772] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3772] <... futex resumed>) = 0 [pid 3771] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3772] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3771] <... futex resumed>) = 0 [pid 3771] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3772] <... mkdirat resumed>) = 0 [pid 3772] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3772] sync( [pid 3771] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3771] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3771] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3773], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3773 [pid 3771] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3773 attached ) = 0 [pid 3773] set_robust_list(0x7fa6ebe889e0, 24 [pid 3771] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3773] <... set_robust_list resumed>) = 0 [pid 3773] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3773] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3771] <... futex resumed>) = 0 [pid 3773] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3772] <... sync resumed>) = 0 [pid 3772] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3772] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3771] exit_group(0 [pid 3773] <... futex resumed>) = ? [pid 3772] <... futex resumed>) = ? [pid 3771] <... exit_group resumed>) = ? [pid 3773] +++ exited with 0 +++ [pid 3772] +++ exited with 0 +++ [pid 3771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 57.566675][ T3772] loop0: detected capacity change from 0 to 64 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3774 ./strace-static-x86_64: Process 3774 attached [pid 3774] set_robust_list(0x5555563795e0, 24) = 0 [pid 3774] chdir("./47") = 0 [pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3774] setpgid(0, 0) = 0 [pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3774] write(3, "1000", 4) = 4 [pid 3774] close(3) = 0 [pid 3774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3774] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3774] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3774] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3775 attached [pid 3775] set_robust_list(0x7fa6ebea99e0, 24 [pid 3774] <... clone resumed>, parent_tid=[3775], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3775 [pid 3775] <... set_robust_list resumed>) = 0 [pid 3774] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3775] memfd_create("syzkaller", 0) = 3 [pid 3775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3775] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3775] close(3) = 0 [pid 3775] mkdir("./file0", 0777) = 0 [pid 3775] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3775] chdir("./file0") = 0 [pid 3775] ioctl(4, LOOP_CLR_FD) = 0 [pid 3775] close(4) = 0 [pid 3775] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3774] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3775] open(".", O_RDONLY [pid 3774] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... open resumed>) = 4 [pid 3775] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3775] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3774] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3775] <... mkdirat resumed>) = 0 [pid 3775] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3774] <... futex resumed>) = 0 [pid 3774] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3774] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3775] sync( [pid 3774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3774] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3774] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3776], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3776 [pid 3774] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3776 attached ) = 0 [pid 3774] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3776] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3776] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3775] <... sync resumed>) = 0 [pid 3776] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3775] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3776] <... futex resumed>) = 1 [pid 3775] <... futex resumed>) = 0 [pid 3774] <... futex resumed>) = 0 [pid 3776] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3775] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3774] exit_group(0 [pid 3776] <... futex resumed>) = ? [pid 3775] <... futex resumed>) = ? [pid 3774] <... exit_group resumed>) = ? [pid 3776] +++ exited with 0 +++ [pid 3775] +++ exited with 0 +++ [pid 3774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.673356][ T3775] loop0: detected capacity change from 0 to 64 lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3777 attached , child_tidptr=0x5555563795d0) = 3777 [pid 3777] set_robust_list(0x5555563795e0, 24) = 0 [pid 3777] chdir("./48") = 0 [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3777] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3777] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3778 attached , parent_tid=[3778], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3778 [pid 3778] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3778] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3778] <... futex resumed>) = 0 [pid 3777] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3778] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] close(3) = 0 [pid 3778] mkdir("./file0", 0777) = 0 [pid 3778] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3778] chdir("./file0") = 0 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [pid 3778] close(4) = 0 [pid 3778] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3778] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 0 [pid 3778] open(".", O_RDONLY) = 4 [pid 3778] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3778] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3777] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3779], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3779 [pid 3777] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] sync(./strace-static-x86_64: Process 3779 attached [pid 3779] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3779] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3779] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3779] <... futex resumed>) = 1 [pid 3779] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3778] <... sync resumed>) = 0 [pid 3778] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3778] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] exit_group(0) = ? [pid 3778] <... futex resumed>) = ? [pid 3778] +++ exited with 0 +++ [pid 3779] <... futex resumed>) = ? [pid 3779] +++ exited with 0 +++ [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 [ 57.778530][ T3778] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3780 ./strace-static-x86_64: Process 3780 attached [pid 3780] set_robust_list(0x5555563795e0, 24) = 0 [pid 3780] chdir("./49") = 0 [pid 3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3780] setpgid(0, 0) = 0 [pid 3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3780] write(3, "1000", 4) = 4 [pid 3780] close(3) = 0 [pid 3780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3780] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3780] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3780] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3781 attached [pid 3781] set_robust_list(0x7fa6ebea99e0, 24 [pid 3780] <... clone resumed>, parent_tid=[3781], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3781 [pid 3781] <... set_robust_list resumed>) = 0 [pid 3780] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3781] memfd_create("syzkaller", 0) = 3 [pid 3781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3781] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3781] close(3) = 0 [pid 3781] mkdir("./file0", 0777) = 0 [pid 3781] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3781] chdir("./file0") = 0 [pid 3781] ioctl(4, LOOP_CLR_FD) = 0 [pid 3781] close(4) = 0 [pid 3781] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3781] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3780] <... futex resumed>) = 0 [pid 3780] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3781] <... futex resumed>) = 0 [pid 3780] <... futex resumed>) = 1 [pid 3781] open(".", O_RDONLY) = 4 [pid 3781] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3781] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3780] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3780] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3780] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... futex resumed>) = 0 [pid 3781] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3781] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3780] <... futex resumed>) = 0 [pid 3781] sync( [pid 3780] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3780] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3780] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3782], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3782 [pid 3780] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3780] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3781] <... sync resumed>) = 0 [pid 3781] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3781] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3782 attached [pid 3782] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3782] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3782] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3780] <... futex resumed>) = 0 [pid 3780] exit_group(0) = ? [pid 3781] <... futex resumed>) = ? [pid 3781] +++ exited with 0 +++ [pid 3782] +++ exited with 0 +++ [pid 3780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 [ 57.873292][ T3781] loop0: detected capacity change from 0 to 64 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3783 ./strace-static-x86_64: Process 3783 attached [pid 3783] set_robust_list(0x5555563795e0, 24) = 0 [pid 3783] chdir("./50") = 0 [pid 3783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3783] setpgid(0, 0) = 0 [pid 3783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3783] write(3, "1000", 4) = 4 [pid 3783] close(3) = 0 [pid 3783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3783] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3783] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3783] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3784 attached [pid 3784] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3783] <... clone resumed>, parent_tid=[3784], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3784 [pid 3784] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3783] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3784] <... futex resumed>) = 0 [pid 3784] memfd_create("syzkaller", 0) = 3 [pid 3784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3784] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3784] close(3) = 0 [pid 3784] mkdir("./file0", 0777) = 0 [pid 3784] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3784] chdir("./file0") = 0 [pid 3784] ioctl(4, LOOP_CLR_FD) = 0 [pid 3784] close(4) = 0 [pid 3784] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] <... futex resumed>) = 0 [pid 3783] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... futex resumed>) = 1 [pid 3784] open(".", O_RDONLY) = 4 [pid 3784] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] <... futex resumed>) = 0 [pid 3783] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... futex resumed>) = 1 [pid 3784] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3784] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3783] <... futex resumed>) = 0 [pid 3783] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3783] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3783] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3785], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3785 [pid 3783] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3783] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3784] <... futex resumed>) = 1 [pid 3784] sync() = 0 [pid 3784] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3784] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3785 attached [pid 3785] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3785] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3785] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3783] <... futex resumed>) = 0 [pid 3783] exit_group(0) = ? [pid 3785] +++ exited with 0 +++ [pid 3784] <... futex resumed>) = ? [pid 3784] +++ exited with 0 +++ [pid 3783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3783, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3786 ./strace-static-x86_64: Process 3786 attached [pid 3786] set_robust_list(0x5555563795e0, 24) = 0 [pid 3786] chdir("./51") = 0 [pid 3786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3786] setpgid(0, 0) = 0 [pid 3786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3786] write(3, "1000", 4) = 4 [pid 3786] close(3) = 0 [pid 3786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3786] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3786] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [ 57.966691][ T3784] loop0: detected capacity change from 0 to 64 [pid 3786] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3787], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3787 [pid 3786] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3787 attached [pid 3787] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3787] memfd_create("syzkaller", 0) = 3 [pid 3787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3787] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3787] close(3) = 0 [pid 3787] mkdir("./file0", 0777) = 0 [pid 3787] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3787] chdir("./file0") = 0 [pid 3787] ioctl(4, LOOP_CLR_FD) = 0 [pid 3787] close(4) = 0 [pid 3787] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] <... futex resumed>) = 1 [pid 3787] open(".", O_RDONLY) = 4 [pid 3787] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3786] <... futex resumed>) = 0 [pid 3787] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3786] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3787] <... mkdirat resumed>) = 0 [pid 3786] <... futex resumed>) = 0 [pid 3786] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3787] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3786] <... futex resumed>) = 0 [pid 3787] sync( [pid 3786] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3786] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3786] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3788], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3788 [pid 3786] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3788 attached ) = 0 [pid 3788] set_robust_list(0x7fa6ebe889e0, 24 [pid 3786] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3788] <... set_robust_list resumed>) = 0 [pid 3787] <... sync resumed>) = 0 [pid 3788] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3787] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3787] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3788] <... openat resumed>) = 5 [pid 3788] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3786] <... futex resumed>) = 0 [pid 3788] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3786] exit_group(0 [pid 3788] <... futex resumed>) = ? [pid 3787] <... futex resumed>) = ? [pid 3786] <... exit_group resumed>) = ? [pid 3787] +++ exited with 0 +++ [pid 3788] +++ exited with 0 +++ [pid 3786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3786, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3789 [ 58.034749][ T3787] loop0: detected capacity change from 0 to 64 [ 58.037603][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 ./strace-static-x86_64: Process 3789 attached [pid 3789] set_robust_list(0x5555563795e0, 24) = 0 [pid 3789] chdir("./52") = 0 [pid 3789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3789] setpgid(0, 0) = 0 [pid 3789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3789] write(3, "1000", 4) = 4 [pid 3789] close(3) = 0 [pid 3789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3789] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3789] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3789] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3790 attached [pid 3790] set_robust_list(0x7fa6ebea99e0, 24 [pid 3789] <... clone resumed>, parent_tid=[3790], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3790 [pid 3790] <... set_robust_list resumed>) = 0 [pid 3789] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3790] memfd_create("syzkaller", 0) = 3 [pid 3790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3790] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3790] close(3) = 0 [pid 3790] mkdir("./file0", 0777) = 0 [pid 3790] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3790] chdir("./file0") = 0 [pid 3790] ioctl(4, LOOP_CLR_FD) = 0 [pid 3790] close(4) = 0 [pid 3790] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3790] open(".", O_RDONLY [pid 3789] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3790] <... open resumed>) = 4 [pid 3789] <... futex resumed>) = 0 [pid 3790] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3789] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] <... futex resumed>) = 0 [pid 3789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3790] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3789] <... futex resumed>) = 0 [pid 3790] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3789] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3790] <... mkdirat resumed>) = 0 [pid 3790] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3790] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3789] <... futex resumed>) = 0 [pid 3790] sync( [pid 3789] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3789] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3789] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3791 attached [pid 3790] <... sync resumed>) = 0 [pid 3789] <... clone resumed>, parent_tid=[3791], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3791 [pid 3791] set_robust_list(0x7fa6ebe889e0, 24 [pid 3790] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3791] <... set_robust_list resumed>) = 0 [pid 3789] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3790] <... futex resumed>) = 0 [pid 3791] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3789] <... futex resumed>) = 0 [pid 3790] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3791] <... openat resumed>) = 5 [pid 3791] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3789] <... futex resumed>) = 0 [pid 3791] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3789] exit_group(0 [pid 3791] <... futex resumed>) = ? [pid 3790] <... futex resumed>) = ? [pid 3789] <... exit_group resumed>) = ? [pid 3790] +++ exited with 0 +++ [pid 3791] +++ exited with 0 +++ [pid 3789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3789, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 58.115580][ T3790] loop0: detected capacity change from 0 to 64 [ 58.118541][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3792 ./strace-static-x86_64: Process 3792 attached [pid 3792] set_robust_list(0x5555563795e0, 24) = 0 [pid 3792] chdir("./53") = 0 [pid 3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3792] setpgid(0, 0) = 0 [pid 3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3792] write(3, "1000", 4) = 4 [pid 3792] close(3) = 0 [pid 3792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3792] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3792] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3792] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3793 attached , parent_tid=[3793], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3793 [pid 3792] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] set_robust_list(0x7fa6ebea99e0, 24 [pid 3792] <... futex resumed>) = 0 [pid 3792] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3793] <... set_robust_list resumed>) = 0 [pid 3793] memfd_create("syzkaller", 0) = 3 [pid 3793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3793] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3793] close(3) = 0 [pid 3793] mkdir("./file0", 0777) = 0 [pid 3793] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3793] chdir("./file0") = 0 [pid 3793] ioctl(4, LOOP_CLR_FD) = 0 [pid 3793] close(4) = 0 [pid 3793] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] <... futex resumed>) = 0 [pid 3792] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... futex resumed>) = 1 [pid 3793] open(".", O_RDONLY) = 4 [pid 3793] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3792] <... futex resumed>) = 0 [pid 3793] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3792] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3793] <... mkdirat resumed>) = 0 [pid 3792] <... futex resumed>) = 0 [pid 3793] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3793] <... futex resumed>) = 0 [pid 3792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3793] sync( [pid 3792] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3792] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3792] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3794], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3794 [pid 3792] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3792] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3794 attached [pid 3794] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3794] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3793] <... sync resumed>) = 0 [pid 3793] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3793] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3794] <... openat resumed>) = 5 [pid 3794] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3792] <... futex resumed>) = 0 [pid 3792] exit_group(0 [pid 3793] <... futex resumed>) = ? [pid 3792] <... exit_group resumed>) = ? [pid 3793] +++ exited with 0 +++ [pid 3794] <... futex resumed>) = ? [pid 3794] +++ exited with 0 +++ [pid 3792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 [ 58.221289][ T3793] loop0: detected capacity change from 0 to 64 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3795 ./strace-static-x86_64: Process 3795 attached [pid 3795] set_robust_list(0x5555563795e0, 24) = 0 [pid 3795] chdir("./54") = 0 [pid 3795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3795] setpgid(0, 0) = 0 [pid 3795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3795] write(3, "1000", 4) = 4 [pid 3795] close(3) = 0 [pid 3795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3795] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3795] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3795] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3796], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3796 [pid 3795] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3796 attached [pid 3796] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3796] memfd_create("syzkaller", 0) = 3 [pid 3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3796] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3796] close(3) = 0 [pid 3796] mkdir("./file0", 0777) = 0 [pid 3796] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3796] chdir("./file0") = 0 [pid 3796] ioctl(4, LOOP_CLR_FD) = 0 [pid 3796] close(4) = 0 [pid 3796] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3796] open(".", O_RDONLY) = 4 [pid 3796] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3796] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3796] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3795] <... futex resumed>) = 0 [pid 3795] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3796] sync( [pid 3795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3795] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3795] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3797], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3797 [pid 3795] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3795] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3797 attached [pid 3796] <... sync resumed>) = 0 [pid 3797] set_robust_list(0x7fa6ebe889e0, 24 [pid 3796] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3797] <... set_robust_list resumed>) = 0 [pid 3796] <... futex resumed>) = 0 [pid 3797] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3796] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3797] <... openat resumed>) = 5 [pid 3797] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3797] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3795] <... futex resumed>) = 0 [pid 3795] exit_group(0 [pid 3796] <... futex resumed>) = ? [pid 3795] <... exit_group resumed>) = ? [pid 3796] +++ exited with 0 +++ [pid 3797] <... futex resumed>) = ? [pid 3797] +++ exited with 0 +++ [pid 3795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3795, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 58.290579][ T3796] loop0: detected capacity change from 0 to 64 [ 58.296388][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3798 ./strace-static-x86_64: Process 3798 attached [pid 3798] set_robust_list(0x5555563795e0, 24) = 0 [pid 3798] chdir("./55") = 0 [pid 3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3798] setpgid(0, 0) = 0 [pid 3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3798] write(3, "1000", 4) = 4 [pid 3798] close(3) = 0 [pid 3798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3798] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3798] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3798] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3799 attached , parent_tid=[3799], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3799 [pid 3798] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3799] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3799] memfd_create("syzkaller", 0) = 3 [pid 3799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3799] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3799] close(3) = 0 [pid 3799] mkdir("./file0", 0777) = 0 [pid 3799] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3799] chdir("./file0") = 0 [pid 3799] ioctl(4, LOOP_CLR_FD) = 0 [pid 3799] close(4) = 0 [pid 3799] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = 0 [pid 3798] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3799] <... futex resumed>) = 1 [pid 3799] open(".", O_RDONLY) = 4 [pid 3799] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = 0 [pid 3798] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3799] <... futex resumed>) = 1 [pid 3799] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3799] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = 0 [pid 3798] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3798] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3798] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3800], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3800 [pid 3798] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3798] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3799] <... futex resumed>) = 1 [pid 3799] sync(./strace-static-x86_64: Process 3800 attached [pid 3800] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3800] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3799] <... sync resumed>) = 0 [pid 3799] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3799] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3800] <... openat resumed>) = 5 [pid 3800] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3798] <... futex resumed>) = 0 [pid 3798] exit_group(0) = ? [pid 3799] <... futex resumed>) = ? [pid 3799] +++ exited with 0 +++ [pid 3800] <... futex resumed>) = ? [pid 3800] +++ exited with 0 +++ [pid 3798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3801 ./strace-static-x86_64: Process 3801 attached [pid 3801] set_robust_list(0x5555563795e0, 24) = 0 [pid 3801] chdir("./56") = 0 [pid 3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3801] setpgid(0, 0) = 0 [ 58.396871][ T3799] loop0: detected capacity change from 0 to 64 [pid 3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3801] write(3, "1000", 4) = 4 [pid 3801] close(3) = 0 [pid 3801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3801] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3801] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3801] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3802], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3802 ./strace-static-x86_64: Process 3802 attached [pid 3802] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3802] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3801] <... futex resumed>) = 0 [pid 3802] memfd_create("syzkaller", 0) = 3 [pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3801] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3802] <... mmap resumed>) = 0x7fa6e3a00000 [pid 3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3802] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3802] close(3) = 0 [pid 3802] mkdir("./file0", 0777) = 0 [pid 3802] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3802] chdir("./file0") = 0 [pid 3802] ioctl(4, LOOP_CLR_FD) = 0 [pid 3802] close(4) = 0 [pid 3802] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3801] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] open(".", O_RDONLY) = 4 [pid 3802] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3802] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3801] <... futex resumed>) = 0 [pid 3802] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3801] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... mkdirat resumed>) = 0 [pid 3802] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3802] sync( [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3801] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3801] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3803 attached [pid 3803] set_robust_list(0x7fa6ebe889e0, 24 [pid 3801] <... clone resumed>, parent_tid=[3803], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3803 [pid 3801] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3803] <... set_robust_list resumed>) = 0 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3803] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3802] <... sync resumed>) = 0 [pid 3802] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3802] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3803] <... openat resumed>) = 5 [pid 3803] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3803] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3801] exit_group(0 [pid 3803] <... futex resumed>) = ? [pid 3802] <... futex resumed>) = ? [pid 3801] <... exit_group resumed>) = ? [pid 3802] +++ exited with 0 +++ [pid 3803] +++ exited with 0 +++ [pid 3801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 58.470573][ T3802] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3804 ./strace-static-x86_64: Process 3804 attached [pid 3804] set_robust_list(0x5555563795e0, 24) = 0 [pid 3804] chdir("./57") = 0 [pid 3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3804] setpgid(0, 0) = 0 [pid 3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3804] write(3, "1000", 4) = 4 [pid 3804] close(3) = 0 [pid 3804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3804] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3804] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3804] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3805 attached , parent_tid=[3805], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3805 [pid 3804] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3805] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3805] memfd_create("syzkaller", 0) = 3 [pid 3805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3805] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3805] close(3) = 0 [pid 3805] mkdir("./file0", 0777) = 0 [pid 3805] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3805] chdir("./file0") = 0 [pid 3805] ioctl(4, LOOP_CLR_FD) = 0 [pid 3805] close(4) = 0 [pid 3805] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3804] <... futex resumed>) = 0 [pid 3805] open(".", O_RDONLY [pid 3804] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... open resumed>) = 4 [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3804] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... futex resumed>) = 0 [pid 3804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3805] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3804] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3805] <... mkdirat resumed>) = 0 [pid 3804] <... futex resumed>) = 0 [pid 3805] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3804] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3805] <... futex resumed>) = 0 [pid 3804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3805] sync( [pid 3804] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3804] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3804] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3806], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3806 [pid 3804] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3804] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3806 attached [pid 3806] set_robust_list(0x7fa6ebe889e0, 24 [pid 3805] <... sync resumed>) = 0 [pid 3806] <... set_robust_list resumed>) = 0 [pid 3805] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3806] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3805] <... futex resumed>) = 0 [pid 3805] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3806] <... openat resumed>) = 5 [pid 3806] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3804] <... futex resumed>) = 0 [pid 3806] <... futex resumed>) = 1 [pid 3804] exit_group(0 [pid 3806] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3805] <... futex resumed>) = ? [pid 3804] <... exit_group resumed>) = ? [pid 3805] +++ exited with 0 +++ [pid 3806] +++ exited with 0 +++ [pid 3804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 58.555477][ T3805] loop0: detected capacity change from 0 to 64 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3807 attached [pid 3807] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3807 [pid 3807] <... set_robust_list resumed>) = 0 [pid 3807] chdir("./58") = 0 [pid 3807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3807] setpgid(0, 0) = 0 [pid 3807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3807] write(3, "1000", 4) = 4 [pid 3807] close(3) = 0 [pid 3807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3807] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3807] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3807] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3808 attached [pid 3808] set_robust_list(0x7fa6ebea99e0, 24 [pid 3807] <... clone resumed>, parent_tid=[3808], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3808 [pid 3808] <... set_robust_list resumed>) = 0 [pid 3808] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3808] <... futex resumed>) = 0 [pid 3807] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3808] memfd_create("syzkaller", 0) = 3 [pid 3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3808] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3808] close(3) = 0 [pid 3808] mkdir("./file0", 0777) = 0 [pid 3808] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3808] chdir("./file0") = 0 [pid 3808] ioctl(4, LOOP_CLR_FD) = 0 [pid 3808] close(4) = 0 [pid 3808] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... futex resumed>) = 1 [pid 3808] open(".", O_RDONLY) = 4 [pid 3808] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3808] <... futex resumed>) = 1 [pid 3808] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3808] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3807] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3807] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 3808] <... futex resumed>) = 1 [pid 3807] <... mprotect resumed>) = 0 [pid 3808] sync( [pid 3807] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3809], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3809 [pid 3807] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3807] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3809 attached [pid 3809] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3809] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3809] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3807] <... futex resumed>) = 0 [pid 3809] <... futex resumed>) = 1 [pid 3809] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3808] <... sync resumed>) = 0 [pid 3808] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3808] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3807] exit_group(0) = ? [pid 3809] <... futex resumed>) = ? [pid 3809] +++ exited with 0 +++ [pid 3808] <... futex resumed>) = ? [pid 3808] +++ exited with 0 +++ [pid 3807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3807, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 [ 58.659019][ T3808] loop0: detected capacity change from 0 to 64 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3810 ./strace-static-x86_64: Process 3810 attached [pid 3810] set_robust_list(0x5555563795e0, 24) = 0 [pid 3810] chdir("./59") = 0 [pid 3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3810] setpgid(0, 0) = 0 [pid 3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3810] write(3, "1000", 4) = 4 [pid 3810] close(3) = 0 [pid 3810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3810] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3810] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3810] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3811], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3811 [pid 3810] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3811 attached [pid 3811] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3811] memfd_create("syzkaller", 0) = 3 [pid 3811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3811] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3811] close(3) = 0 [pid 3811] mkdir("./file0", 0777) = 0 [pid 3811] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3811] chdir("./file0") = 0 [pid 3811] ioctl(4, LOOP_CLR_FD) = 0 [pid 3811] close(4) = 0 [pid 3811] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3810] <... futex resumed>) = 0 [pid 3811] open(".", O_RDONLY [pid 3810] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3811] <... open resumed>) = 4 [pid 3810] <... futex resumed>) = 0 [pid 3811] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3811] <... futex resumed>) = 0 [pid 3810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3811] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3810] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3811] <... mkdirat resumed>) = 0 [pid 3810] <... futex resumed>) = 0 [pid 3811] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3811] <... futex resumed>) = 0 [pid 3810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3811] sync( [pid 3810] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3810] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3810] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3812], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3812 [pid 3810] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3810] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3812 attached [pid 3811] <... sync resumed>) = 0 [pid 3812] set_robust_list(0x7fa6ebe889e0, 24 [pid 3811] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3811] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3812] <... set_robust_list resumed>) = 0 [pid 3812] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3812] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3810] <... futex resumed>) = 0 [pid 3810] exit_group(0 [pid 3811] <... futex resumed>) = ? [pid 3810] <... exit_group resumed>) = ? [pid 3811] +++ exited with 0 +++ [pid 3812] <... futex resumed>) = ? [pid 3812] +++ exited with 0 +++ [pid 3810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 [ 58.741521][ T3811] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3813 ./strace-static-x86_64: Process 3813 attached [pid 3813] set_robust_list(0x5555563795e0, 24) = 0 [pid 3813] chdir("./60") = 0 [pid 3813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3813] setpgid(0, 0) = 0 [pid 3813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3813] write(3, "1000", 4) = 4 [pid 3813] close(3) = 0 [pid 3813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3813] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3813] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3813] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3814 attached , parent_tid=[3814], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3814 [pid 3813] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3814] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3814] memfd_create("syzkaller", 0) = 3 [pid 3814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3814] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3814] close(3) = 0 [pid 3814] mkdir("./file0", 0777) = 0 [pid 3814] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3814] chdir("./file0") = 0 [pid 3814] ioctl(4, LOOP_CLR_FD) = 0 [pid 3814] close(4) = 0 [pid 3814] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3813] <... futex resumed>) = 0 [pid 3813] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3814] <... futex resumed>) = 1 [pid 3814] open(".", O_RDONLY) = 4 [pid 3814] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3813] <... futex resumed>) = 0 [pid 3813] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3814] <... futex resumed>) = 1 [pid 3814] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3814] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3813] <... futex resumed>) = 0 [pid 3813] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3813] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3813] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3815], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3815 [pid 3813] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3813] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3814] <... futex resumed>) = 1 [pid 3814] sync(./strace-static-x86_64: Process 3815 attached [pid 3815] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3815] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3815] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3814] <... sync resumed>) = 0 [pid 3814] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3814] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3813] <... futex resumed>) = 0 [pid 3813] exit_group(0) = ? [pid 3814] <... futex resumed>) = ? [pid 3814] +++ exited with 0 +++ [pid 3815] <... futex resumed>) = ? [pid 3815] +++ exited with 0 +++ [pid 3813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3813, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3816 ./strace-static-x86_64: Process 3816 attached [pid 3816] set_robust_list(0x5555563795e0, 24) = 0 [pid 3816] chdir("./61") = 0 [pid 3816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3816] setpgid(0, 0) = 0 [ 58.826052][ T3814] loop0: detected capacity change from 0 to 64 [pid 3816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3816] write(3, "1000", 4) = 4 [pid 3816] close(3) = 0 [pid 3816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3816] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3816] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3816] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3817], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3817 [pid 3816] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3816] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3817 attached [pid 3817] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3817] memfd_create("syzkaller", 0) = 3 [pid 3817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3817] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3817] close(3) = 0 [pid 3817] mkdir("./file0", 0777) = 0 [pid 3817] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3817] chdir("./file0") = 0 [pid 3817] ioctl(4, LOOP_CLR_FD) = 0 [pid 3817] close(4) = 0 [pid 3817] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3816] <... futex resumed>) = 0 [pid 3816] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3816] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3817] open(".", O_RDONLY) = 4 [pid 3817] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3816] <... futex resumed>) = 0 [pid 3817] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3816] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3816] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3817] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3817] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3816] <... futex resumed>) = 0 [pid 3816] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3816] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3817] sync( [pid 3816] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3816] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3816] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3818 attached , parent_tid=[3818], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3818 [pid 3818] set_robust_list(0x7fa6ebe889e0, 24 [pid 3816] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3818] <... set_robust_list resumed>) = 0 [pid 3816] <... futex resumed>) = 0 [pid 3818] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3816] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3818] <... openat resumed>) = 5 [pid 3817] <... sync resumed>) = 0 [pid 3817] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3817] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3818] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3816] <... futex resumed>) = 0 [pid 3818] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3816] exit_group(0 [pid 3818] <... futex resumed>) = ? [pid 3817] <... futex resumed>) = ? [pid 3816] <... exit_group resumed>) = ? [pid 3818] +++ exited with 0 +++ [pid 3817] +++ exited with 0 +++ [pid 3816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3816, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 [ 58.904457][ T3817] loop0: detected capacity change from 0 to 64 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3819 ./strace-static-x86_64: Process 3819 attached [pid 3819] set_robust_list(0x5555563795e0, 24) = 0 [pid 3819] chdir("./62") = 0 [pid 3819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3819] setpgid(0, 0) = 0 [pid 3819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3819] write(3, "1000", 4) = 4 [pid 3819] close(3) = 0 [pid 3819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3819] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3819] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3819] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3820 attached , parent_tid=[3820], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3820 [pid 3820] set_robust_list(0x7fa6ebea99e0, 24 [pid 3819] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3820] <... set_robust_list resumed>) = 0 [pid 3819] <... futex resumed>) = 0 [pid 3820] memfd_create("syzkaller", 0 [pid 3819] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3820] <... memfd_create resumed>) = 3 [pid 3820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3820] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3820] close(3) = 0 [pid 3820] mkdir("./file0", 0777) = 0 [pid 3820] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3820] chdir("./file0") = 0 [pid 3820] ioctl(4, LOOP_CLR_FD) = 0 [pid 3820] close(4) = 0 [pid 3820] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3819] <... futex resumed>) = 0 [pid 3820] open(".", O_RDONLY [pid 3819] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3820] <... open resumed>) = 4 [pid 3819] <... futex resumed>) = 0 [pid 3819] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3820] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3820] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3819] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3819] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3820] <... mkdirat resumed>) = 0 [pid 3820] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3819] <... futex resumed>) = 0 [pid 3819] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3819] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3820] sync( [pid 3819] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3819] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3819] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3821 attached , parent_tid=[3821], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3821 [pid 3819] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3821] set_robust_list(0x7fa6ebe889e0, 24 [pid 3819] <... futex resumed>) = 0 [pid 3819] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3820] <... sync resumed>) = 0 [pid 3820] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3820] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3821] <... set_robust_list resumed>) = 0 [pid 3821] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3821] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3819] <... futex resumed>) = 0 [pid 3821] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3819] exit_group(0 [pid 3820] <... futex resumed>) = ? [pid 3819] <... exit_group resumed>) = ? [pid 3820] +++ exited with 0 +++ [pid 3821] <... futex resumed>) = ? [pid 3821] +++ exited with 0 +++ [pid 3819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3819, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 [ 58.997689][ T3820] loop0: detected capacity change from 0 to 64 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3822 ./strace-static-x86_64: Process 3822 attached [pid 3822] set_robust_list(0x5555563795e0, 24) = 0 [pid 3822] chdir("./63") = 0 [pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3822] setpgid(0, 0) = 0 [pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3822] write(3, "1000", 4) = 4 [pid 3822] close(3) = 0 [pid 3822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3822] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3822] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3822] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3823 attached , parent_tid=[3823], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3823 [pid 3823] set_robust_list(0x7fa6ebea99e0, 24 [pid 3822] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] <... set_robust_list resumed>) = 0 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3823] memfd_create("syzkaller", 0) = 3 [pid 3823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3823] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3823] close(3) = 0 [pid 3823] mkdir("./file0", 0777) = 0 [pid 3823] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3823] chdir("./file0") = 0 [pid 3823] ioctl(4, LOOP_CLR_FD) = 0 [pid 3823] close(4) = 0 [pid 3823] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3823] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] <... futex resumed>) = 0 [pid 3822] <... futex resumed>) = 1 [pid 3823] open(".", O_RDONLY) = 4 [pid 3823] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3823] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3822] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3822] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] <... futex resumed>) = 0 [pid 3822] <... futex resumed>) = 1 [pid 3823] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3822] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... mkdirat resumed>) = 0 [pid 3823] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] sync( [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3822] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3822] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3823] <... sync resumed>) = 0 [pid 3822] <... clone resumed>, parent_tid=[3824], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3824 [pid 3822] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3823] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3823] <... futex resumed>) = 0 [pid 3822] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3824 attached [pid 3824] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3824] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3824] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3822] <... futex resumed>) = 0 [pid 3824] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3822] exit_group(0) = ? [pid 3823] <... futex resumed>) = ? [pid 3823] +++ exited with 0 +++ [pid 3824] <... futex resumed>) = ? [pid 3824] +++ exited with 0 +++ [pid 3822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 [ 59.095520][ T3823] loop0: detected capacity change from 0 to 64 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3825 ./strace-static-x86_64: Process 3825 attached [pid 3825] set_robust_list(0x5555563795e0, 24) = 0 [pid 3825] chdir("./64") = 0 [pid 3825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3825] setpgid(0, 0) = 0 [pid 3825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3825] write(3, "1000", 4) = 4 [pid 3825] close(3) = 0 [pid 3825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3825] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3825] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3825] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3826], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3826 [pid 3825] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3826 attached ) = 0 [pid 3826] set_robust_list(0x7fa6ebea99e0, 24 [pid 3825] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3826] <... set_robust_list resumed>) = 0 [pid 3826] memfd_create("syzkaller", 0) = 3 [pid 3826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3826] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3826] close(3) = 0 [pid 3826] mkdir("./file0", 0777) = 0 [pid 3826] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3826] chdir("./file0") = 0 [pid 3826] ioctl(4, LOOP_CLR_FD) = 0 [pid 3826] close(4) = 0 [pid 3826] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3825] <... futex resumed>) = 0 [pid 3825] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3826] open(".", O_RDONLY [pid 3825] <... futex resumed>) = 0 [pid 3825] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3826] <... open resumed>) = 4 [pid 3826] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3825] <... futex resumed>) = 0 [pid 3825] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3825] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3826] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3826] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3825] <... futex resumed>) = 0 [pid 3825] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3825] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3825] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3825] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3827 attached , parent_tid=[3827], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3827 [pid 3825] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3825] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3827] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3827] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3826] <... futex resumed>) = 1 [pid 3826] sync( [pid 3827] <... openat resumed>) = 5 [pid 3827] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3827] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3825] <... futex resumed>) = 0 [pid 3826] <... sync resumed>) = 0 [pid 3826] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3825] exit_group(0) = ? [pid 3827] <... futex resumed>) = ? [pid 3827] +++ exited with 0 +++ [pid 3826] +++ exited with 0 +++ [pid 3825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3825, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 59.178076][ T3826] loop0: detected capacity change from 0 to 64 lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3828 attached , child_tidptr=0x5555563795d0) = 3828 [pid 3828] set_robust_list(0x5555563795e0, 24) = 0 [pid 3828] chdir("./65") = 0 [pid 3828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3828] setpgid(0, 0) = 0 [pid 3828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3828] write(3, "1000", 4) = 4 [pid 3828] close(3) = 0 [pid 3828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3828] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3828] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3828] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3829 attached , parent_tid=[3829], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3829 [pid 3829] set_robust_list(0x7fa6ebea99e0, 24 [pid 3828] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] <... set_robust_list resumed>) = 0 [pid 3829] memfd_create("syzkaller", 0 [pid 3828] <... futex resumed>) = 0 [pid 3829] <... memfd_create resumed>) = 3 [pid 3829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 3828] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3829] <... write resumed>) = 32768 [pid 3829] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3829] close(3) = 0 [pid 3829] mkdir("./file0", 0777) = 0 [pid 3829] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3829] chdir("./file0") = 0 [pid 3829] ioctl(4, LOOP_CLR_FD) = 0 [pid 3829] close(4) = 0 [pid 3829] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] open(".", O_RDONLY [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3829] <... open resumed>) = 4 [pid 3829] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3829] <... mkdirat resumed>) = 0 [pid 3829] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3829] sync( [pid 3828] <... futex resumed>) = 0 [pid 3828] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3828] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3828] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3829] <... sync resumed>) = 0 [pid 3829] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3828] <... clone resumed>, parent_tid=[3830], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3830 [pid 3828] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3828] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3829] <... futex resumed>) = 0 ./strace-static-x86_64: Process 3830 attached [pid 3830] set_robust_list(0x7fa6ebe889e0, 24 [pid 3829] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3830] <... set_robust_list resumed>) = 0 [pid 3830] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3830] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3828] <... futex resumed>) = 0 [pid 3828] exit_group(0 [pid 3829] <... futex resumed>) = ? [pid 3828] <... exit_group resumed>) = ? [pid 3829] +++ exited with 0 +++ [pid 3830] <... futex resumed>) = ? [pid 3830] +++ exited with 0 +++ [pid 3828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3828, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 [ 59.275213][ T3829] loop0: detected capacity change from 0 to 64 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3831 ./strace-static-x86_64: Process 3831 attached [pid 3831] set_robust_list(0x5555563795e0, 24) = 0 [pid 3831] chdir("./66") = 0 [pid 3831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3831] setpgid(0, 0) = 0 [pid 3831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3831] write(3, "1000", 4) = 4 [pid 3831] close(3) = 0 [pid 3831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3831] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3831] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3831] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3832 attached [pid 3832] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3832] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3831] <... clone resumed>, parent_tid=[3832], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3832 [pid 3831] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3832] <... futex resumed>) = 0 [pid 3832] memfd_create("syzkaller", 0 [pid 3831] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3832] <... memfd_create resumed>) = 3 [pid 3832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3832] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3832] close(3) = 0 [pid 3832] mkdir("./file0", 0777) = 0 [pid 3832] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3832] chdir("./file0") = 0 [pid 3832] ioctl(4, LOOP_CLR_FD) = 0 [pid 3832] close(4) = 0 [pid 3832] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3831] <... futex resumed>) = 0 [pid 3831] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3831] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3832] open(".", O_RDONLY) = 4 [pid 3832] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3831] <... futex resumed>) = 0 [pid 3832] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3831] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3831] <... futex resumed>) = 0 [pid 3832] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3831] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3832] <... mkdirat resumed>) = 0 [pid 3832] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3831] <... futex resumed>) = 0 [pid 3832] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3831] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3831] <... futex resumed>) = 0 [pid 3832] sync( [pid 3831] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3831] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3831] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3833], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3833 [pid 3831] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3831] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3833 attached [pid 3833] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3832] <... sync resumed>) = 0 [pid 3832] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3832] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3833] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3833] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3831] <... futex resumed>) = 0 [pid 3831] exit_group(0 [pid 3832] <... futex resumed>) = ? [pid 3831] <... exit_group resumed>) = ? [pid 3832] +++ exited with 0 +++ [pid 3833] +++ exited with 0 +++ [pid 3831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3831, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 [ 59.354277][ T3832] loop0: detected capacity change from 0 to 64 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3834 attached , child_tidptr=0x5555563795d0) = 3834 [pid 3834] set_robust_list(0x5555563795e0, 24) = 0 [pid 3834] chdir("./67") = 0 [pid 3834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3834] setpgid(0, 0) = 0 [pid 3834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3834] write(3, "1000", 4) = 4 [pid 3834] close(3) = 0 [pid 3834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3834] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3834] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3834] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3835 attached , parent_tid=[3835], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3835 [pid 3835] set_robust_list(0x7fa6ebea99e0, 24 [pid 3834] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3835] <... set_robust_list resumed>) = 0 [pid 3834] <... futex resumed>) = 0 [pid 3834] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3835] memfd_create("syzkaller", 0) = 3 [pid 3835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3835] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3835] close(3) = 0 [pid 3835] mkdir("./file0", 0777) = 0 [pid 3835] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3835] chdir("./file0") = 0 [pid 3835] ioctl(4, LOOP_CLR_FD) = 0 [pid 3835] close(4) = 0 [pid 3835] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3835] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3834] <... futex resumed>) = 0 [pid 3834] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3835] <... futex resumed>) = 0 [pid 3834] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3835] open(".", O_RDONLY) = 4 [pid 3835] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3835] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3834] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3834] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3835] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3835] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3834] <... futex resumed>) = 0 [pid 3835] sync( [pid 3834] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3834] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3834] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3834] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3835] <... sync resumed>) = 0 [pid 3835] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3834] <... clone resumed>, parent_tid=[3836], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3836 [pid 3835] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3834] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3836 attached ) = 0 [pid 3834] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3836] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3836] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3836] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3834] <... futex resumed>) = 0 [pid 3836] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3834] exit_group(0 [pid 3835] <... futex resumed>) = ? [pid 3834] <... exit_group resumed>) = ? [pid 3835] +++ exited with 0 +++ [pid 3836] <... futex resumed>) = ? [pid 3836] +++ exited with 0 +++ [pid 3834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3834, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 59.444083][ T3835] loop0: detected capacity change from 0 to 64 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3837 attached , child_tidptr=0x5555563795d0) = 3837 [pid 3837] set_robust_list(0x5555563795e0, 24) = 0 [pid 3837] chdir("./68") = 0 [pid 3837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3837] setpgid(0, 0) = 0 [pid 3837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3837] write(3, "1000", 4) = 4 [pid 3837] close(3) = 0 [pid 3837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3837] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3837] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3837] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3838 attached , parent_tid=[3838], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3838 [pid 3838] set_robust_list(0x7fa6ebea99e0, 24 [pid 3837] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3838] <... set_robust_list resumed>) = 0 [pid 3838] memfd_create("syzkaller", 0) = 3 [pid 3838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3838] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3838] close(3) = 0 [pid 3838] mkdir("./file0", 0777) = 0 [pid 3838] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3838] chdir("./file0") = 0 [pid 3838] ioctl(4, LOOP_CLR_FD) = 0 [pid 3838] close(4) = 0 [pid 3838] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3837] <... futex resumed>) = 0 [pid 3837] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] open(".", O_RDONLY) = 4 [pid 3838] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3837] <... futex resumed>) = 0 [pid 3838] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3837] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3838] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3838] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3837] <... futex resumed>) = 0 [pid 3838] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3837] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3837] <... futex resumed>) = 0 [pid 3838] sync( [pid 3837] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3837] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3837] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3839 attached , parent_tid=[3839], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3839 [pid 3837] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3839] set_robust_list(0x7fa6ebe889e0, 24 [pid 3837] <... futex resumed>) = 0 [pid 3839] <... set_robust_list resumed>) = 0 [pid 3837] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3839] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3838] <... sync resumed>) = 0 [pid 3838] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3838] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3839] <... futex resumed>) = 1 [pid 3837] <... futex resumed>) = 0 [pid 3839] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3837] exit_group(0) = ? [pid 3838] <... futex resumed>) = ? [pid 3839] <... futex resumed>) = ? [pid 3839] +++ exited with 0 +++ [pid 3838] +++ exited with 0 +++ [pid 3837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3837, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 59.528761][ T3838] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3840 attached , child_tidptr=0x5555563795d0) = 3840 [pid 3840] set_robust_list(0x5555563795e0, 24) = 0 [pid 3840] chdir("./69") = 0 [pid 3840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3840] setpgid(0, 0) = 0 [pid 3840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3840] write(3, "1000", 4) = 4 [pid 3840] close(3) = 0 [pid 3840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3840] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3840] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3840] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3841 attached , parent_tid=[3841], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3841 [pid 3840] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3840] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3841] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3841] memfd_create("syzkaller", 0) = 3 [pid 3841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3841] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3841] close(3) = 0 [pid 3841] mkdir("./file0", 0777) = 0 [pid 3841] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3841] chdir("./file0") = 0 [pid 3841] ioctl(4, LOOP_CLR_FD) = 0 [pid 3841] close(4) = 0 [pid 3841] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3840] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3840] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3841] <... futex resumed>) = 1 [pid 3841] open(".", O_RDONLY) = 4 [pid 3841] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3841] <... futex resumed>) = 1 [pid 3840] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3841] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3840] <... futex resumed>) = 0 [pid 3841] <... mkdirat resumed>) = 0 [pid 3840] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3841] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3840] <... futex resumed>) = 0 [pid 3841] sync( [pid 3840] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3840] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3840] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3840] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3842], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3842 [pid 3840] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3840] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3842 attached [pid 3842] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3841] <... sync resumed>) = 0 [pid 3841] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3841] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3842] <... openat resumed>) = 5 [pid 3842] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3840] <... futex resumed>) = 0 [pid 3840] exit_group(0 [pid 3841] <... futex resumed>) = ? [pid 3840] <... exit_group resumed>) = ? [pid 3841] +++ exited with 0 +++ [pid 3842] <... futex resumed>) = ? [pid 3842] +++ exited with 0 +++ [pid 3840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3840, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 59.605892][ T3841] loop0: detected capacity change from 0 to 64 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3843 ./strace-static-x86_64: Process 3843 attached [pid 3843] set_robust_list(0x5555563795e0, 24) = 0 [pid 3843] chdir("./70") = 0 [pid 3843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3843] setpgid(0, 0) = 0 [pid 3843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3843] write(3, "1000", 4) = 4 [pid 3843] close(3) = 0 [pid 3843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3843] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3843] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3843] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3844], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3844 [pid 3843] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3844 attached [pid 3844] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3844] memfd_create("syzkaller", 0) = 3 [pid 3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3844] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3844] close(3) = 0 [pid 3844] mkdir("./file0", 0777) = 0 [pid 3844] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3844] chdir("./file0") = 0 [pid 3844] ioctl(4, LOOP_CLR_FD) = 0 [pid 3844] close(4) = 0 [pid 3844] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] open(".", O_RDONLY) = 4 [pid 3844] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3843] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... mkdirat resumed>) = 0 [pid 3844] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3844] sync( [pid 3843] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3843] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3843] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3845], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3845 [pid 3843] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3845 attached [pid 3845] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3845] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3845] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3845] <... futex resumed>) = 1 [pid 3845] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3844] <... sync resumed>) = 0 [pid 3844] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] exit_group(0) = ? [pid 3845] <... futex resumed>) = ? [pid 3845] +++ exited with 0 +++ [pid 3844] +++ exited with 0 +++ [pid 3843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3843, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 59.709129][ T3844] loop0: detected capacity change from 0 to 64 lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3846 ./strace-static-x86_64: Process 3846 attached [pid 3846] set_robust_list(0x5555563795e0, 24) = 0 [pid 3846] chdir("./71") = 0 [pid 3846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3846] setpgid(0, 0) = 0 [pid 3846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3846] write(3, "1000", 4) = 4 [pid 3846] close(3) = 0 [pid 3846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3846] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3846] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3846] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3847], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3847 [pid 3846] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3846] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3847 attached [pid 3847] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3847] memfd_create("syzkaller", 0) = 3 [pid 3847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3847] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3847] close(3) = 0 [pid 3847] mkdir("./file0", 0777) = 0 [pid 3847] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3847] chdir("./file0") = 0 [pid 3847] ioctl(4, LOOP_CLR_FD) = 0 [pid 3847] close(4) = 0 [pid 3847] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... futex resumed>) = 0 [pid 3847] <... futex resumed>) = 1 [pid 3846] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3847] open(".", O_RDONLY [pid 3846] <... futex resumed>) = 0 [pid 3846] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3847] <... open resumed>) = 4 [pid 3847] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3846] <... futex resumed>) = 0 [pid 3847] <... futex resumed>) = 1 [pid 3846] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3847] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3846] <... futex resumed>) = 0 [pid 3846] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3847] <... mkdirat resumed>) = 0 [pid 3847] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3846] <... futex resumed>) = 0 [pid 3847] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3846] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3846] <... futex resumed>) = 0 [pid 3847] sync( [pid 3846] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3846] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3846] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3848], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3848 [pid 3846] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3848 attached ) = 0 [pid 3846] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3848] set_robust_list(0x7fa6ebe889e0, 24 [pid 3847] <... sync resumed>) = 0 [pid 3848] <... set_robust_list resumed>) = 0 [pid 3847] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3847] <... futex resumed>) = 0 [pid 3847] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3848] <... openat resumed>) = 5 [pid 3848] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3846] <... futex resumed>) = 0 [pid 3848] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3846] exit_group(0) = ? [pid 3848] <... futex resumed>) = ? [pid 3847] <... futex resumed>) = ? [pid 3847] +++ exited with 0 +++ [pid 3848] +++ exited with 0 +++ [pid 3846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3846, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3849 attached [ 59.791766][ T3847] loop0: detected capacity change from 0 to 64 [pid 3849] set_robust_list(0x5555563795e0, 24) = 0 [pid 3849] chdir("./72") = 0 [pid 3849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3849] setpgid(0, 0) = 0 [pid 3849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3849 [pid 3849] <... openat resumed>) = 3 [pid 3849] write(3, "1000", 4) = 4 [pid 3849] close(3) = 0 [pid 3849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3849] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3849] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3849] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3850], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3850 [pid 3849] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3849] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3850 attached [pid 3850] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3850] memfd_create("syzkaller", 0) = 3 [pid 3850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3850] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3850] close(3) = 0 [pid 3850] mkdir("./file0", 0777) = 0 [pid 3850] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3850] chdir("./file0") = 0 [pid 3850] ioctl(4, LOOP_CLR_FD) = 0 [pid 3850] close(4) = 0 [pid 3850] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3849] <... futex resumed>) = 0 [pid 3849] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3849] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3850] open(".", O_RDONLY) = 4 [pid 3850] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3849] <... futex resumed>) = 0 [pid 3849] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3850] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3849] <... futex resumed>) = 0 [pid 3849] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3850] <... mkdirat resumed>) = 0 [pid 3850] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3849] <... futex resumed>) = 0 [pid 3850] <... futex resumed>) = 1 [pid 3849] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3850] sync( [pid 3849] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3849] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3849] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3851], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3851 [pid 3849] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3849] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3850] <... sync resumed>) = 0 [pid 3850] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3850] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3851 attached [pid 3851] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3851] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3851] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3849] <... futex resumed>) = 0 [pid 3851] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3849] exit_group(0 [pid 3851] <... futex resumed>) = ? [pid 3850] <... futex resumed>) = ? [pid 3849] <... exit_group resumed>) = ? [pid 3851] +++ exited with 0 +++ [pid 3850] +++ exited with 0 +++ [pid 3849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3849, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 59.867511][ T3850] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3852 attached , child_tidptr=0x5555563795d0) = 3852 [pid 3852] set_robust_list(0x5555563795e0, 24) = 0 [pid 3852] chdir("./73") = 0 [pid 3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3852] setpgid(0, 0) = 0 [pid 3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3852] write(3, "1000", 4) = 4 [pid 3852] close(3) = 0 [pid 3852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3852] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3852] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3852] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3853 attached , parent_tid=[3853], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3853 [pid 3853] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3853] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3852] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3853] <... futex resumed>) = 0 [pid 3852] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3853] memfd_create("syzkaller", 0) = 3 [pid 3853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3853] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3853] close(3) = 0 [pid 3853] mkdir("./file0", 0777) = 0 [pid 3853] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3853] chdir("./file0") = 0 [pid 3853] ioctl(4, LOOP_CLR_FD) = 0 [pid 3853] close(4) = 0 [pid 3853] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... futex resumed>) = 1 [pid 3853] open(".", O_RDONLY) = 4 [pid 3853] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... futex resumed>) = 1 [pid 3853] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3853] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... futex resumed>) = 0 [pid 3852] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3852] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3852] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3854], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3854 [pid 3852] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3853] <... futex resumed>) = 1 [pid 3853] sync(./strace-static-x86_64: Process 3854 attached [pid 3854] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3854] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3852] <... futex resumed>) = 0 [pid 3854] <... futex resumed>) = 1 [pid 3854] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3853] <... sync resumed>) = 0 [pid 3853] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3852] exit_group(0) = ? [pid 3853] +++ exited with 0 +++ [pid 3854] <... futex resumed>) = ? [pid 3854] +++ exited with 0 +++ [pid 3852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 [ 59.969465][ T3853] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3855 ./strace-static-x86_64: Process 3855 attached [pid 3855] set_robust_list(0x5555563795e0, 24) = 0 [pid 3855] chdir("./74") = 0 [pid 3855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3855] setpgid(0, 0) = 0 [pid 3855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3855] write(3, "1000", 4) = 4 [pid 3855] close(3) = 0 [pid 3855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3855] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3855] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3855] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3856], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3856 [pid 3855] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3856 attached [pid 3856] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3856] memfd_create("syzkaller", 0) = 3 [pid 3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3856] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3856] close(3) = 0 [pid 3856] mkdir("./file0", 0777) = 0 [pid 3856] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3856] chdir("./file0") = 0 [pid 3856] ioctl(4, LOOP_CLR_FD) = 0 [pid 3856] close(4) = 0 [pid 3856] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3855] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3856] open(".", O_RDONLY) = 4 [pid 3856] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3855] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3856] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3855] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3856] <... mkdirat resumed>) = 0 [pid 3856] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3855] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3856] sync( [pid 3855] <... futex resumed>) = 0 [pid 3855] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3855] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3855] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3857 attached , parent_tid=[3857], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3857 [pid 3855] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3857] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3857] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3855] <... futex resumed>) = 0 [pid 3857] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3856] <... sync resumed>) = 0 [pid 3856] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3855] exit_group(0 [pid 3857] <... futex resumed>) = ? [pid 3855] <... exit_group resumed>) = ? [pid 3856] +++ exited with 0 +++ [pid 3857] +++ exited with 0 +++ [pid 3855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3855, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 [ 60.054405][ T3856] loop0: detected capacity change from 0 to 64 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3858 ./strace-static-x86_64: Process 3858 attached [pid 3858] set_robust_list(0x5555563795e0, 24) = 0 [pid 3858] chdir("./75") = 0 [pid 3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3858] setpgid(0, 0) = 0 [pid 3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3858] write(3, "1000", 4) = 4 [pid 3858] close(3) = 0 [pid 3858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3858] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3858] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3858] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3859], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3859 [pid 3858] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3859 attached [pid 3859] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3859] memfd_create("syzkaller", 0) = 3 [pid 3859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3859] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3859] close(3) = 0 [pid 3859] mkdir("./file0", 0777) = 0 [pid 3859] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3859] chdir("./file0") = 0 [pid 3859] ioctl(4, LOOP_CLR_FD) = 0 [pid 3859] close(4) = 0 [pid 3859] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = 0 [pid 3858] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... futex resumed>) = 1 [pid 3859] open(".", O_RDONLY) = 4 [pid 3859] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = 0 [pid 3858] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3859] <... futex resumed>) = 1 [pid 3859] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3859] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3858] <... futex resumed>) = 0 [pid 3858] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3858] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3858] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3860 attached , parent_tid=[3860], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3860 [pid 3858] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3860] set_robust_list(0x7fa6ebe889e0, 24 [pid 3859] <... futex resumed>) = 1 [pid 3859] sync( [pid 3860] <... set_robust_list resumed>) = 0 [pid 3860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3860] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3858] <... futex resumed>) = 0 [pid 3860] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3859] <... sync resumed>) = 0 [pid 3859] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3858] exit_group(0) = ? [pid 3860] <... futex resumed>) = ? [pid 3860] +++ exited with 0 +++ [pid 3859] +++ exited with 0 +++ [pid 3858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 [ 60.130495][ T3859] loop0: detected capacity change from 0 to 64 [ 60.136137][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3861 ./strace-static-x86_64: Process 3861 attached [pid 3861] set_robust_list(0x5555563795e0, 24) = 0 [pid 3861] chdir("./76") = 0 [pid 3861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3861] setpgid(0, 0) = 0 [pid 3861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3861] write(3, "1000", 4) = 4 [pid 3861] close(3) = 0 [pid 3861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3861] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3861] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3861] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3862 attached , parent_tid=[3862], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3862 [pid 3861] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3862] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3862] memfd_create("syzkaller", 0) = 3 [pid 3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3862] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3862] close(3) = 0 [pid 3862] mkdir("./file0", 0777) = 0 [pid 3862] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3862] chdir("./file0") = 0 [pid 3862] ioctl(4, LOOP_CLR_FD) = 0 [pid 3862] close(4) = 0 [pid 3862] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3861] <... futex resumed>) = 0 [pid 3861] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... futex resumed>) = 1 [pid 3862] open(".", O_RDONLY) = 4 [pid 3862] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3861] <... futex resumed>) = 0 [pid 3861] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... futex resumed>) = 1 [pid 3862] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3862] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3861] <... futex resumed>) = 0 [pid 3861] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3861] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3861] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3863], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3863 [pid 3861] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3861] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3862] <... futex resumed>) = 1 [pid 3862] sync(./strace-static-x86_64: Process 3863 attached [pid 3863] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3863] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3861] <... futex resumed>) = 0 [pid 3863] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3862] <... sync resumed>) = 0 [pid 3862] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3862] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3861] exit_group(0) = ? [pid 3863] <... futex resumed>) = ? [pid 3862] <... futex resumed>) = ? [pid 3862] +++ exited with 0 +++ [pid 3863] +++ exited with 0 +++ [pid 3861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3861, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 [ 60.242791][ T3862] loop0: detected capacity change from 0 to 64 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3864 ./strace-static-x86_64: Process 3864 attached [pid 3864] set_robust_list(0x5555563795e0, 24) = 0 [pid 3864] chdir("./77") = 0 [pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3864] setpgid(0, 0) = 0 [pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3864] write(3, "1000", 4) = 4 [pid 3864] close(3) = 0 [pid 3864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3864] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3864] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3865 attached [pid 3865] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3864] <... clone resumed>, parent_tid=[3865], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3865 [pid 3865] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3864] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] memfd_create("syzkaller", 0) = 3 [pid 3864] <... futex resumed>) = 0 [pid 3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3864] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3865] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3865] close(3) = 0 [pid 3865] mkdir("./file0", 0777) = 0 [pid 3865] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3865] chdir("./file0") = 0 [pid 3865] ioctl(4, LOOP_CLR_FD) = 0 [pid 3865] close(4) = 0 [pid 3865] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] open(".", O_RDONLY) = 4 [pid 3865] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3865] <... futex resumed>) = 1 [pid 3864] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3864] <... futex resumed>) = 0 [pid 3865] <... mkdirat resumed>) = 0 [pid 3864] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3865] sync( [pid 3864] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3864] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3866 attached , parent_tid=[3866], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3866 [pid 3866] set_robust_list(0x7fa6ebe889e0, 24 [pid 3864] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3866] <... set_robust_list resumed>) = 0 [pid 3864] <... futex resumed>) = 0 [pid 3866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3864] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... sync resumed>) = 0 [pid 3865] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3866] <... openat resumed>) = 5 [pid 3865] <... futex resumed>) = 0 [pid 3866] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3865] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3866] <... futex resumed>) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3866] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] exit_group(0 [pid 3866] <... futex resumed>) = ? [pid 3865] <... futex resumed>) = ? [pid 3864] <... exit_group resumed>) = ? [pid 3866] +++ exited with 0 +++ [pid 3865] +++ exited with 0 +++ [pid 3864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3867 [ 60.333193][ T3865] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 3867 attached [pid 3867] set_robust_list(0x5555563795e0, 24) = 0 [pid 3867] chdir("./78") = 0 [pid 3867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3867] setpgid(0, 0) = 0 [pid 3867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3867] write(3, "1000", 4) = 4 [pid 3867] close(3) = 0 [pid 3867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3867] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3867] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3867] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3868 attached , parent_tid=[3868], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3868 [pid 3867] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3868] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3868] memfd_create("syzkaller", 0) = 3 [pid 3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3868] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3868] close(3) = 0 [pid 3868] mkdir("./file0", 0777) = 0 [pid 3868] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3868] chdir("./file0") = 0 [pid 3868] ioctl(4, LOOP_CLR_FD) = 0 [pid 3868] close(4) = 0 [pid 3868] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] open(".", O_RDONLY) = 4 [pid 3868] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3868] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3868] sync( [pid 3867] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3867] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3867] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3869 attached [pid 3869] set_robust_list(0x7fa6ebe889e0, 24 [pid 3867] <... clone resumed>, parent_tid=[3869], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3869 [pid 3869] <... set_robust_list resumed>) = 0 [pid 3867] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3867] <... futex resumed>) = 0 [pid 3867] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3868] <... sync resumed>) = 0 [pid 3869] <... openat resumed>) = 5 [pid 3869] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3867] <... futex resumed>) = 0 [pid 3869] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3868] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3868] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3867] exit_group(0 [pid 3868] <... futex resumed>) = ? [pid 3867] <... exit_group resumed>) = ? [pid 3869] <... futex resumed>) = ? [pid 3868] +++ exited with 0 +++ [pid 3869] +++ exited with 0 +++ [pid 3867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3867, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 60.417425][ T3868] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3870 ./strace-static-x86_64: Process 3870 attached [pid 3870] set_robust_list(0x5555563795e0, 24) = 0 [pid 3870] chdir("./79") = 0 [pid 3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3870] setpgid(0, 0) = 0 [pid 3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3870] write(3, "1000", 4) = 4 [pid 3870] close(3) = 0 [pid 3870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3870] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3870] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3870] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3871 attached , parent_tid=[3871], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3871 [pid 3870] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3871] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3871] memfd_create("syzkaller", 0) = 3 [pid 3871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3871] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3871] close(3) = 0 [pid 3871] mkdir("./file0", 0777) = 0 [pid 3871] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3871] chdir("./file0") = 0 [pid 3871] ioctl(4, LOOP_CLR_FD) = 0 [pid 3871] close(4) = 0 [pid 3871] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3870] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] open(".", O_RDONLY) = 4 [pid 3871] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3871] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3870] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... mkdirat resumed>) = 0 [pid 3870] <... futex resumed>) = 0 [pid 3871] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3870] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3871] <... futex resumed>) = 0 [pid 3871] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3870] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3871] <... futex resumed>) = 0 [pid 3870] <... futex resumed>) = 1 [pid 3871] sync( [pid 3870] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3870] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 3871] <... sync resumed>) = 0 [pid 3870] <... mprotect resumed>) = 0 [pid 3871] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3870] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3871] <... futex resumed>) = 0 [pid 3871] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] <... clone resumed>, parent_tid=[3872], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3872 [pid 3870] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3870] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3872 attached [pid 3872] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3872] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3870] <... futex resumed>) = 0 [pid 3872] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3870] exit_group(0 [pid 3871] <... futex resumed>) = ? [pid 3870] <... exit_group resumed>) = ? [pid 3871] +++ exited with 0 +++ [pid 3872] <... futex resumed>) = ? [pid 3872] +++ exited with 0 +++ [pid 3870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 [ 60.501985][ T3871] loop0: detected capacity change from 0 to 64 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3873 attached [pid 3873] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3873 [pid 3873] <... set_robust_list resumed>) = 0 [pid 3873] chdir("./80") = 0 [pid 3873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3873] setpgid(0, 0) = 0 [pid 3873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3873] write(3, "1000", 4) = 4 [pid 3873] close(3) = 0 [pid 3873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3873] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3873] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3873] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3874], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3874 ./strace-static-x86_64: Process 3874 attached [pid 3873] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3874] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3874] memfd_create("syzkaller", 0) = 3 [pid 3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3874] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3874] close(3) = 0 [pid 3874] mkdir("./file0", 0777) = 0 [pid 3874] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3874] chdir("./file0") = 0 [pid 3874] ioctl(4, LOOP_CLR_FD) = 0 [pid 3874] close(4) = 0 [pid 3874] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... futex resumed>) = 0 [pid 3873] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... futex resumed>) = 1 [pid 3874] open(".", O_RDONLY) = 4 [pid 3874] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... futex resumed>) = 0 [pid 3873] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3874] <... futex resumed>) = 1 [pid 3874] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3874] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... futex resumed>) = 0 [pid 3873] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3873] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3873] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3875 attached [pid 3874] <... futex resumed>) = 1 [pid 3873] <... clone resumed>, parent_tid=[3875], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3875 [pid 3875] set_robust_list(0x7fa6ebe889e0, 24 [pid 3873] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3873] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3875] <... set_robust_list resumed>) = 0 [pid 3875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3874] sync( [pid 3875] <... openat resumed>) = 5 [pid 3875] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3873] <... futex resumed>) = 0 [pid 3875] <... futex resumed>) = 1 [pid 3875] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3874] <... sync resumed>) = 0 [pid 3874] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3874] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3873] exit_group(0 [pid 3875] <... futex resumed>) = ? [pid 3874] <... futex resumed>) = ? [pid 3873] <... exit_group resumed>) = ? [pid 3875] +++ exited with 0 +++ [pid 3874] +++ exited with 0 +++ [pid 3873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 60.589000][ T3874] loop0: detected capacity change from 0 to 64 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3876 ./strace-static-x86_64: Process 3876 attached [pid 3876] set_robust_list(0x5555563795e0, 24) = 0 [pid 3876] chdir("./81") = 0 [pid 3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3876] setpgid(0, 0) = 0 [pid 3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3876] write(3, "1000", 4) = 4 [pid 3876] close(3) = 0 [pid 3876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3876] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3876] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3876] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3877 attached [pid 3877] set_robust_list(0x7fa6ebea99e0, 24 [pid 3876] <... clone resumed>, parent_tid=[3877], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3877 [pid 3877] <... set_robust_list resumed>) = 0 [pid 3876] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3877] memfd_create("syzkaller", 0) = 3 [pid 3877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3877] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3877] close(3) = 0 [pid 3877] mkdir("./file0", 0777) = 0 [pid 3877] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3877] chdir("./file0") = 0 [pid 3877] ioctl(4, LOOP_CLR_FD) = 0 [pid 3877] close(4) = 0 [pid 3877] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] <... futex resumed>) = 0 [pid 3876] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3877] <... futex resumed>) = 1 [pid 3877] open(".", O_RDONLY) = 4 [pid 3877] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] <... futex resumed>) = 0 [pid 3876] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3877] <... futex resumed>) = 1 [pid 3877] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3877] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3876] <... futex resumed>) = 0 [pid 3876] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3876] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3876] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3878 attached [pid 3878] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3876] <... clone resumed>, parent_tid=[3878], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3878 [pid 3878] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3876] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3876] <... futex resumed>) = 0 [pid 3878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3876] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3878] <... openat resumed>) = 5 [pid 3878] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3876] <... futex resumed>) = 0 [pid 3878] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3877] <... futex resumed>) = 1 [pid 3877] sync() = 0 [pid 3877] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3876] exit_group(0) = ? [pid 3878] <... futex resumed>) = ? [pid 3878] +++ exited with 0 +++ [pid 3877] +++ exited with 0 +++ [pid 3876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3879 ./strace-static-x86_64: Process 3879 attached [ 60.683233][ T3877] loop0: detected capacity change from 0 to 64 [pid 3879] set_robust_list(0x5555563795e0, 24) = 0 [pid 3879] chdir("./82") = 0 [pid 3879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3879] setpgid(0, 0) = 0 [pid 3879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3879] write(3, "1000", 4) = 4 [pid 3879] close(3) = 0 [pid 3879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3879] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3879] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3879] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3880 attached , parent_tid=[3880], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3880 [pid 3879] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3880] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3880] memfd_create("syzkaller", 0) = 3 [pid 3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3880] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3880] close(3) = 0 [pid 3880] mkdir("./file0", 0777) = 0 [pid 3880] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3880] chdir("./file0") = 0 [pid 3880] ioctl(4, LOOP_CLR_FD) = 0 [pid 3880] close(4) = 0 [pid 3880] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] <... futex resumed>) = 0 [pid 3879] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... futex resumed>) = 1 [pid 3880] open(".", O_RDONLY) = 4 [pid 3880] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] <... futex resumed>) = 0 [pid 3879] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... futex resumed>) = 1 [pid 3880] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3880] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3879] <... futex resumed>) = 0 [pid 3879] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3879] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3879] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3881], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3881 [pid 3879] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3879] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3880] <... futex resumed>) = 1 [pid 3880] sync(./strace-static-x86_64: Process 3881 attached [pid 3881] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3881] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3879] <... futex resumed>) = 0 [pid 3881] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3880] <... sync resumed>) = 0 [pid 3880] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3880] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3879] exit_group(0) = ? [pid 3881] <... futex resumed>) = ? [pid 3880] <... futex resumed>) = ? [pid 3880] +++ exited with 0 +++ [pid 3881] +++ exited with 0 +++ [pid 3879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 60.763671][ T3880] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3882 ./strace-static-x86_64: Process 3882 attached [pid 3882] set_robust_list(0x5555563795e0, 24) = 0 [pid 3882] chdir("./83") = 0 [pid 3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3882] setpgid(0, 0) = 0 [pid 3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3882] write(3, "1000", 4) = 4 [pid 3882] close(3) = 0 [pid 3882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3882] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3882] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3882] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3883 attached , parent_tid=[3883], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3883 [pid 3883] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3883] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3883] <... futex resumed>) = 0 [pid 3883] memfd_create("syzkaller", 0 [pid 3882] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3883] <... memfd_create resumed>) = 3 [pid 3883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3883] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3883] close(3) = 0 [pid 3883] mkdir("./file0", 0777) = 0 [pid 3883] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3883] chdir("./file0") = 0 [pid 3883] ioctl(4, LOOP_CLR_FD) = 0 [pid 3883] close(4) = 0 [pid 3883] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3883] <... futex resumed>) = 1 [pid 3882] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] open(".", O_RDONLY) = 4 [pid 3883] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... futex resumed>) = 1 [pid 3883] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3883] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3882] <... futex resumed>) = 0 [pid 3882] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3882] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3882] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3884 attached , parent_tid=[3884], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3884 [pid 3882] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3882] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3883] <... futex resumed>) = 1 [pid 3883] sync( [pid 3884] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3884] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3882] <... futex resumed>) = 0 [pid 3884] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3883] <... sync resumed>) = 0 [pid 3883] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3883] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3882] exit_group(0 [pid 3884] <... futex resumed>) = ? [pid 3882] <... exit_group resumed>) = ? [pid 3884] +++ exited with 0 +++ [pid 3883] <... futex resumed>) = ? [pid 3883] +++ exited with 0 +++ [pid 3882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 [ 60.852317][ T3883] loop0: detected capacity change from 0 to 64 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3885 ./strace-static-x86_64: Process 3885 attached [pid 3885] set_robust_list(0x5555563795e0, 24) = 0 [pid 3885] chdir("./84") = 0 [pid 3885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3885] setpgid(0, 0) = 0 [pid 3885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3885] write(3, "1000", 4) = 4 [pid 3885] close(3) = 0 [pid 3885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3885] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3885] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3885] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3886], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3886 ./strace-static-x86_64: Process 3886 attached [pid 3885] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] set_robust_list(0x7fa6ebea99e0, 24 [pid 3885] <... futex resumed>) = 0 [pid 3886] <... set_robust_list resumed>) = 0 [pid 3886] memfd_create("syzkaller", 0 [pid 3885] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3886] <... memfd_create resumed>) = 3 [pid 3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3886] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3886] close(3) = 0 [pid 3886] mkdir("./file0", 0777) = 0 [pid 3886] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3886] chdir("./file0") = 0 [pid 3886] ioctl(4, LOOP_CLR_FD) = 0 [pid 3886] close(4) = 0 [pid 3886] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3886] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] <... futex resumed>) = 0 [pid 3885] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3885] <... futex resumed>) = 1 [pid 3886] open(".", O_RDONLY) = 4 [pid 3885] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3886] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3885] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3885] <... futex resumed>) = 0 [pid 3886] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3885] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3885] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3885] <... futex resumed>) = 1 [pid 3886] sync( [pid 3885] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3885] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3885] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3887 attached , parent_tid=[3887], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3887 [pid 3885] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] <... sync resumed>) = 0 [pid 3885] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3886] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3887] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3887] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3887] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] <... futex resumed>) = 0 [pid 3885] exit_group(0 [pid 3886] <... futex resumed>) = ? [pid 3885] <... exit_group resumed>) = ? [pid 3887] <... futex resumed>) = ? [pid 3887] +++ exited with 0 +++ [pid 3886] +++ exited with 0 +++ [pid 3885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3885, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 60.952093][ T3886] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3888 attached [pid 3888] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3888 [pid 3888] <... set_robust_list resumed>) = 0 [pid 3888] chdir("./85") = 0 [pid 3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3888] setpgid(0, 0) = 0 [pid 3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3888] write(3, "1000", 4) = 4 [pid 3888] close(3) = 0 [pid 3888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3888] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3888] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3888] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3889], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3889 [pid 3888] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3889 attached [pid 3889] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3889] memfd_create("syzkaller", 0) = 3 [pid 3889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3889] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3889] close(3) = 0 [pid 3889] mkdir("./file0", 0777) = 0 [pid 3889] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3889] chdir("./file0") = 0 [pid 3889] ioctl(4, LOOP_CLR_FD) = 0 [pid 3889] close(4) = 0 [pid 3889] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3889] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3888] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3888] <... futex resumed>) = 0 [pid 3889] open(".", O_RDONLY [pid 3888] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] <... open resumed>) = 4 [pid 3889] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] <... futex resumed>) = 0 [pid 3889] <... futex resumed>) = 1 [pid 3888] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3888] <... futex resumed>) = 0 [pid 3888] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3889] <... mkdirat resumed>) = 0 [pid 3889] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3888] <... futex resumed>) = 0 [pid 3889] <... futex resumed>) = 1 [pid 3888] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3889] sync( [pid 3888] <... futex resumed>) = 0 [pid 3888] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3888] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3888] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3890], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3890 [pid 3888] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3888] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3890 attached [pid 3889] <... sync resumed>) = 0 [pid 3890] set_robust_list(0x7fa6ebe889e0, 24 [pid 3889] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3890] <... set_robust_list resumed>) = 0 [pid 3889] <... futex resumed>) = 0 [pid 3890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3889] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3890] <... openat resumed>) = 5 [pid 3890] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3888] <... futex resumed>) = 0 [pid 3890] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3888] exit_group(0 [pid 3890] <... futex resumed>) = ? [pid 3889] <... futex resumed>) = ? [pid 3888] <... exit_group resumed>) = ? [pid 3889] +++ exited with 0 +++ [pid 3890] +++ exited with 0 +++ [pid 3888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 61.033605][ T3889] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3891 ./strace-static-x86_64: Process 3891 attached [pid 3891] set_robust_list(0x5555563795e0, 24) = 0 [pid 3891] chdir("./86") = 0 [pid 3891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3891] setpgid(0, 0) = 0 [pid 3891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3891] write(3, "1000", 4) = 4 [pid 3891] close(3) = 0 [pid 3891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3891] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3891] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3891] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3892], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3892 [pid 3891] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3892 attached [pid 3892] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3892] memfd_create("syzkaller", 0) = 3 [pid 3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3892] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3892] close(3) = 0 [pid 3892] mkdir("./file0", 0777) = 0 [pid 3892] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3892] chdir("./file0") = 0 [pid 3892] ioctl(4, LOOP_CLR_FD) = 0 [pid 3892] close(4) = 0 [pid 3892] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3891] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3892] open(".", O_RDONLY [pid 3891] <... futex resumed>) = 0 [pid 3891] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... open resumed>) = 4 [pid 3892] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3891] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3892] <... mkdirat resumed>) = 0 [pid 3892] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3892] sync( [pid 3891] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3891] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3891] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3893 attached [pid 3893] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3893] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] <... clone resumed>, parent_tid=[3893], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3893 [pid 3891] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3891] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3893] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3892] <... sync resumed>) = 0 [pid 3892] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3892] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3893] <... openat resumed>) = 5 [pid 3893] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3891] <... futex resumed>) = 0 [pid 3893] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3891] exit_group(0 [pid 3892] <... futex resumed>) = ? [pid 3891] <... exit_group resumed>) = ? [pid 3893] <... futex resumed>) = ? [pid 3892] +++ exited with 0 +++ [pid 3893] +++ exited with 0 +++ [pid 3891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3891, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 [ 61.125945][ T3892] loop0: detected capacity change from 0 to 64 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3894 ./strace-static-x86_64: Process 3894 attached [pid 3894] set_robust_list(0x5555563795e0, 24) = 0 [pid 3894] chdir("./87") = 0 [pid 3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3894] setpgid(0, 0) = 0 [pid 3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3894] write(3, "1000", 4) = 4 [pid 3894] close(3) = 0 [pid 3894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3894] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3894] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3894] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3895 attached , parent_tid=[3895], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3895 [pid 3894] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3895] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3895] memfd_create("syzkaller", 0) = 3 [pid 3895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3895] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3895] close(3) = 0 [pid 3895] mkdir("./file0", 0777) = 0 [pid 3895] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3895] chdir("./file0") = 0 [pid 3895] ioctl(4, LOOP_CLR_FD) = 0 [pid 3895] close(4) = 0 [pid 3895] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3895] open(".", O_RDONLY [pid 3894] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] <... open resumed>) = 4 [pid 3895] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3894] <... futex resumed>) = 0 [pid 3895] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3894] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3895] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3895] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3894] <... futex resumed>) = 0 [pid 3894] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3895] sync( [pid 3894] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3894] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3894] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3896 attached , parent_tid=[3896], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3896 [pid 3896] set_robust_list(0x7fa6ebe889e0, 24 [pid 3894] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3894] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3896] <... set_robust_list resumed>) = 0 [pid 3896] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3895] <... sync resumed>) = 0 [pid 3895] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3895] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3896] <... openat resumed>) = 5 [pid 3896] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3894] <... futex resumed>) = 0 [pid 3894] exit_group(0) = ? [pid 3895] <... futex resumed>) = ? [pid 3895] +++ exited with 0 +++ [pid 3896] +++ exited with 0 +++ [pid 3894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 [ 61.212826][ T3895] loop0: detected capacity change from 0 to 64 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3897 ./strace-static-x86_64: Process 3897 attached [pid 3897] set_robust_list(0x5555563795e0, 24) = 0 [pid 3897] chdir("./88") = 0 [pid 3897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3897] setpgid(0, 0) = 0 [pid 3897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3897] write(3, "1000", 4) = 4 [pid 3897] close(3) = 0 [pid 3897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3897] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3897] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3897] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3898 attached [pid 3898] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3898] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3897] <... clone resumed>, parent_tid=[3898], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3898 [pid 3897] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3898] <... futex resumed>) = 0 [pid 3897] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3898] memfd_create("syzkaller", 0) = 3 [pid 3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3898] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3898] close(3) = 0 [pid 3898] mkdir("./file0", 0777) = 0 [pid 3898] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3898] chdir("./file0") = 0 [pid 3898] ioctl(4, LOOP_CLR_FD) = 0 [pid 3898] close(4) = 0 [pid 3898] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] <... futex resumed>) = 0 [pid 3897] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] <... futex resumed>) = 1 [pid 3898] open(".", O_RDONLY) = 4 [pid 3898] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3897] <... futex resumed>) = 0 [pid 3898] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3897] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3898] <... mkdirat resumed>) = 0 [pid 3897] <... futex resumed>) = 0 [pid 3898] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3898] <... futex resumed>) = 0 [pid 3897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3898] sync( [pid 3897] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3897] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3897] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3899], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3899 [pid 3897] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3899 attached [pid 3898] <... sync resumed>) = 0 [pid 3897] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3899] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3898] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3898] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3899] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3897] <... futex resumed>) = 0 [pid 3897] exit_group(0 [pid 3898] <... futex resumed>) = ? [pid 3897] <... exit_group resumed>) = ? [pid 3898] +++ exited with 0 +++ [pid 3899] <... futex resumed>) = ? [pid 3899] +++ exited with 0 +++ [pid 3897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3897, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 [ 61.312435][ T3898] loop0: detected capacity change from 0 to 64 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3900 ./strace-static-x86_64: Process 3900 attached [pid 3900] set_robust_list(0x5555563795e0, 24) = 0 [pid 3900] chdir("./89") = 0 [pid 3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3900] setpgid(0, 0) = 0 [pid 3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3900] write(3, "1000", 4) = 4 [pid 3900] close(3) = 0 [pid 3900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3900] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3900] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3900] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3901 attached , parent_tid=[3901], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3901 [pid 3901] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3901] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3901] <... futex resumed>) = 0 [pid 3901] memfd_create("syzkaller", 0 [pid 3900] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3901] <... memfd_create resumed>) = 3 [pid 3901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3901] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3901] close(3) = 0 [pid 3901] mkdir("./file0", 0777) = 0 [pid 3901] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3901] chdir("./file0") = 0 [pid 3901] ioctl(4, LOOP_CLR_FD) = 0 [pid 3901] close(4) = 0 [pid 3901] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3900] <... futex resumed>) = 0 [pid 3900] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... futex resumed>) = 1 [pid 3901] open(".", O_RDONLY) = 4 [pid 3901] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3900] <... futex resumed>) = 0 [pid 3900] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... futex resumed>) = 1 [pid 3901] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3901] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3900] <... futex resumed>) = 0 [pid 3900] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3900] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3900] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3902], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3902 [pid 3900] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3900] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3901] <... futex resumed>) = 1 [pid 3901] sync(./strace-static-x86_64: Process 3902 attached [pid 3902] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3902] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3900] <... futex resumed>) = 0 [pid 3902] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3901] <... sync resumed>) = 0 [pid 3901] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3901] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3900] exit_group(0) = ? [pid 3902] <... futex resumed>) = ? [pid 3902] +++ exited with 0 +++ [pid 3901] <... futex resumed>) = ? [pid 3901] +++ exited with 0 +++ [pid 3900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 [ 61.415638][ T3901] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3903 ./strace-static-x86_64: Process 3903 attached [pid 3903] set_robust_list(0x5555563795e0, 24) = 0 [pid 3903] chdir("./90") = 0 [pid 3903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3903] setpgid(0, 0) = 0 [pid 3903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3903] write(3, "1000", 4) = 4 [pid 3903] close(3) = 0 [pid 3903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3903] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3903] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3903] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3904 attached [pid 3904] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3904] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] <... clone resumed>, parent_tid=[3904], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3904 [pid 3903] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3904] <... futex resumed>) = 0 [pid 3904] memfd_create("syzkaller", 0 [pid 3903] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3904] <... memfd_create resumed>) = 3 [pid 3904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3904] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3904] close(3) = 0 [pid 3904] mkdir("./file0", 0777) = 0 [pid 3904] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3904] chdir("./file0") = 0 [pid 3904] ioctl(4, LOOP_CLR_FD) = 0 [pid 3904] close(4) = 0 [pid 3904] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] open(".", O_RDONLY [pid 3903] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... open resumed>) = 4 [pid 3904] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3903] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3904] <... mkdirat resumed>) = 0 [pid 3904] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3903] <... futex resumed>) = 0 [pid 3904] sync( [pid 3903] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3903] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3903] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3905 attached [pid 3905] set_robust_list(0x7fa6ebe889e0, 24 [pid 3903] <... clone resumed>, parent_tid=[3905], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3905 [pid 3905] <... set_robust_list resumed>) = 0 [pid 3903] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3905] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3903] <... futex resumed>) = 0 [pid 3905] <... openat resumed>) = 5 [pid 3903] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3905] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3905] <... futex resumed>) = 0 [pid 3905] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3904] <... sync resumed>) = 0 [pid 3904] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3904] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3903] exit_group(0 [pid 3905] <... futex resumed>) = ? [pid 3904] <... futex resumed>) = ? [pid 3903] <... exit_group resumed>) = ? [pid 3905] +++ exited with 0 +++ [pid 3904] +++ exited with 0 +++ [pid 3903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3903, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 [ 61.504083][ T3904] loop0: detected capacity change from 0 to 64 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3906 ./strace-static-x86_64: Process 3906 attached [pid 3906] set_robust_list(0x5555563795e0, 24) = 0 [pid 3906] chdir("./91") = 0 [pid 3906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3906] setpgid(0, 0) = 0 [pid 3906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3906] write(3, "1000", 4) = 4 [pid 3906] close(3) = 0 [pid 3906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3906] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3906] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3906] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3907 attached , parent_tid=[3907], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3907 [pid 3907] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3906] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3907] memfd_create("syzkaller", 0) = 3 [pid 3907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3907] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3907] close(3) = 0 [pid 3907] mkdir("./file0", 0777) = 0 [pid 3907] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3907] chdir("./file0") = 0 [pid 3907] ioctl(4, LOOP_CLR_FD) = 0 [pid 3907] close(4) = 0 [pid 3907] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3907] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3906] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3907] <... futex resumed>) = 0 [pid 3906] <... futex resumed>) = 1 [pid 3907] open(".", O_RDONLY [pid 3906] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... open resumed>) = 4 [pid 3907] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3907] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3906] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... mkdirat resumed>) = 0 [pid 3907] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3907] sync( [pid 3906] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3906] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3906] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3908], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3908 [pid 3906] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3906] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3907] <... sync resumed>) = 0 [pid 3907] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3907] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3908 attached [pid 3908] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3908] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3906] <... futex resumed>) = 0 [pid 3906] exit_group(0) = ? [pid 3907] <... futex resumed>) = ? [pid 3907] +++ exited with 0 +++ [pid 3908] +++ exited with 0 +++ [pid 3906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3906, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 61.594160][ T3907] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3909 ./strace-static-x86_64: Process 3909 attached [pid 3909] set_robust_list(0x5555563795e0, 24) = 0 [pid 3909] chdir("./92") = 0 [pid 3909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3909] setpgid(0, 0) = 0 [pid 3909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3909] write(3, "1000", 4) = 4 [pid 3909] close(3) = 0 [pid 3909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3909] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3909] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3909] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3910 attached , parent_tid=[3910], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3910 [pid 3910] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3910] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3909] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3910] <... futex resumed>) = 0 [pid 3910] memfd_create("syzkaller", 0 [pid 3909] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3910] <... memfd_create resumed>) = 3 [pid 3910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3910] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3910] close(3) = 0 [pid 3910] mkdir("./file0", 0777) = 0 [pid 3910] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3910] chdir("./file0") = 0 [pid 3910] ioctl(4, LOOP_CLR_FD) = 0 [pid 3910] close(4) = 0 [pid 3910] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3909] <... futex resumed>) = 0 [pid 3909] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] <... futex resumed>) = 1 [pid 3910] open(".", O_RDONLY) = 4 [pid 3910] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3909] <... futex resumed>) = 0 [pid 3909] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3910] <... futex resumed>) = 1 [pid 3909] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3910] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3910] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3909] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3910] sync( [pid 3909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3909] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3909] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3911 attached , parent_tid=[3911], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3911 [pid 3911] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3909] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3909] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3910] <... sync resumed>) = 0 [pid 3910] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3910] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... openat resumed>) = 5 [pid 3911] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3909] <... futex resumed>) = 0 [pid 3909] exit_group(0 [pid 3910] <... futex resumed>) = ? [pid 3909] <... exit_group resumed>) = ? [pid 3910] +++ exited with 0 +++ [pid 3911] +++ exited with 0 +++ [pid 3909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3909, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 61.684404][ T3910] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3912 attached , child_tidptr=0x5555563795d0) = 3912 [pid 3912] set_robust_list(0x5555563795e0, 24) = 0 [pid 3912] chdir("./93") = 0 [pid 3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3912] setpgid(0, 0) = 0 [pid 3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3912] write(3, "1000", 4) = 4 [pid 3912] close(3) = 0 [pid 3912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3912] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3912] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3912] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3913 attached , parent_tid=[3913], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3913 [pid 3913] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3913] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3913] <... futex resumed>) = 0 [pid 3912] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3913] memfd_create("syzkaller", 0) = 3 [pid 3913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3913] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3913] close(3) = 0 [pid 3913] mkdir("./file0", 0777) = 0 [pid 3913] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3913] chdir("./file0") = 0 [pid 3913] ioctl(4, LOOP_CLR_FD) = 0 [pid 3913] close(4) = 0 [pid 3913] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3913] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] <... futex resumed>) = 0 [pid 3913] open(".", O_RDONLY [pid 3912] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... open resumed>) = 4 [pid 3913] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3913] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] <... futex resumed>) = 0 [pid 3913] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3912] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3913] <... mkdirat resumed>) = 0 [pid 3913] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3913] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] <... futex resumed>) = 0 [pid 3913] sync( [pid 3912] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3912] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3912] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3914 attached , parent_tid=[3914], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3914 [pid 3914] set_robust_list(0x7fa6ebe889e0, 24 [pid 3912] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3914] <... set_robust_list resumed>) = 0 [pid 3912] <... futex resumed>) = 0 [pid 3912] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3913] <... sync resumed>) = 0 [pid 3914] <... openat resumed>) = 5 [pid 3913] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3914] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3913] <... futex resumed>) = 0 [pid 3914] <... futex resumed>) = 1 [pid 3913] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] <... futex resumed>) = 0 [pid 3914] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3912] exit_group(0) = ? [pid 3913] <... futex resumed>) = ? [pid 3914] <... futex resumed>) = ? [pid 3913] +++ exited with 0 +++ [pid 3914] +++ exited with 0 +++ [pid 3912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 [ 61.764479][ T3913] loop0: detected capacity change from 0 to 64 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3915 ./strace-static-x86_64: Process 3915 attached [pid 3915] set_robust_list(0x5555563795e0, 24) = 0 [pid 3915] chdir("./94") = 0 [pid 3915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3915] setpgid(0, 0) = 0 [pid 3915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3915] write(3, "1000", 4) = 4 [pid 3915] close(3) = 0 [pid 3915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3915] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3915] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3915] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3916], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3916 ./strace-static-x86_64: Process 3916 attached [pid 3915] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3916] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3916] memfd_create("syzkaller", 0) = 3 [pid 3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3916] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3916] close(3) = 0 [pid 3916] mkdir("./file0", 0777) = 0 [pid 3916] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3916] chdir("./file0") = 0 [pid 3916] ioctl(4, LOOP_CLR_FD) = 0 [pid 3916] close(4) = 0 [pid 3916] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] <... futex resumed>) = 1 [pid 3916] open(".", O_RDONLY) = 4 [pid 3916] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] <... futex resumed>) = 1 [pid 3916] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3916] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3915] <... futex resumed>) = 0 [pid 3915] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3915] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3915] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3917], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3917 [pid 3915] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3916] <... futex resumed>) = 1 [pid 3915] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3916] sync() = 0 [pid 3916] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3916] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3917 attached [pid 3917] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3917] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3917] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3915] <... futex resumed>) = 0 [pid 3915] exit_group(0 [pid 3916] <... futex resumed>) = ? [pid 3915] <... exit_group resumed>) = ? [pid 3916] +++ exited with 0 +++ [pid 3917] +++ exited with 0 +++ [pid 3915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3915, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 [ 61.871306][ T3916] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3918 attached [pid 3918] set_robust_list(0x5555563795e0, 24) = 0 [pid 3918] chdir("./95") = 0 [pid 3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3918] setpgid(0, 0) = 0 [pid 3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3918] write(3, "1000", 4) = 4 [pid 3918] close(3) = 0 [pid 3918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3918] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3918] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3918] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3919], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3919 [pid 3918] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3919 attached [pid 3919] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3919] memfd_create("syzkaller", 0) = 3 [pid 3919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3918 [pid 3919] <... mmap resumed>) = 0x7fa6e3a00000 [pid 3919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3919] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3919] close(3) = 0 [pid 3919] mkdir("./file0", 0777) = 0 [pid 3919] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3919] chdir("./file0") = 0 [pid 3919] ioctl(4, LOOP_CLR_FD) = 0 [pid 3919] close(4) = 0 [pid 3919] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... futex resumed>) = 0 [pid 3918] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... futex resumed>) = 1 [pid 3919] open(".", O_RDONLY) = 4 [pid 3919] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... futex resumed>) = 0 [pid 3918] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... futex resumed>) = 1 [pid 3919] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3919] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3918] <... futex resumed>) = 0 [pid 3918] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3918] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3918] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3920], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3920 [pid 3918] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3918] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3919] <... futex resumed>) = 1 [pid 3919] sync(./strace-static-x86_64: Process 3920 attached ) = 0 [pid 3920] set_robust_list(0x7fa6ebe889e0, 24 [pid 3919] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3919] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3920] <... set_robust_list resumed>) = 0 [pid 3920] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3920] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3918] <... futex resumed>) = 0 [pid 3918] exit_group(0) = ? [pid 3919] <... futex resumed>) = ? [pid 3919] +++ exited with 0 +++ [pid 3920] +++ exited with 0 +++ [pid 3918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 61.942639][ T3919] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3921 ./strace-static-x86_64: Process 3921 attached [pid 3921] set_robust_list(0x5555563795e0, 24) = 0 [pid 3921] chdir("./96") = 0 [pid 3921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3921] setpgid(0, 0) = 0 [pid 3921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3921] write(3, "1000", 4) = 4 [pid 3921] close(3) = 0 [pid 3921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3921] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3921] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3921] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3922], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3922 [pid 3921] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3922 attached [pid 3922] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3922] memfd_create("syzkaller", 0) = 3 [pid 3922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3922] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3922] close(3) = 0 [pid 3922] mkdir("./file0", 0777) = 0 [pid 3922] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3922] chdir("./file0") = 0 [pid 3922] ioctl(4, LOOP_CLR_FD) = 0 [pid 3922] close(4) = 0 [pid 3922] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3922] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] <... futex resumed>) = 0 [pid 3921] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... futex resumed>) = 0 [pid 3922] open(".", O_RDONLY) = 4 [pid 3922] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3921] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3922] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3921] <... futex resumed>) = 0 [pid 3921] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3922] sync( [pid 3921] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3921] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3921] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3923 attached [pid 3923] set_robust_list(0x7fa6ebe889e0, 24 [pid 3921] <... clone resumed>, parent_tid=[3923], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3923 [pid 3923] <... set_robust_list resumed>) = 0 [pid 3921] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3923] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3921] <... futex resumed>) = 0 [pid 3921] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3922] <... sync resumed>) = 0 [pid 3923] <... openat resumed>) = 5 [pid 3923] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3922] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3923] <... futex resumed>) = 1 [pid 3922] <... futex resumed>) = 0 [pid 3921] <... futex resumed>) = 0 [pid 3923] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3922] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3921] exit_group(0) = ? [pid 3923] <... futex resumed>) = ? [pid 3922] <... futex resumed>) = ? [pid 3923] +++ exited with 0 +++ [pid 3922] +++ exited with 0 +++ [pid 3921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3921, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.022054][ T3922] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3924 attached [pid 3924] set_robust_list(0x5555563795e0, 24) = 0 [pid 3924] chdir("./97") = 0 [pid 3924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3924] setpgid(0, 0) = 0 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3924 [pid 3924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3924] write(3, "1000", 4) = 4 [pid 3924] close(3) = 0 [pid 3924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3924] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3924] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3924] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3925 attached [pid 3925] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3925] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3924] <... clone resumed>, parent_tid=[3925], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3925 [pid 3924] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3925] <... futex resumed>) = 0 [pid 3924] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3925] memfd_create("syzkaller", 0) = 3 [pid 3925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3925] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3925] close(3) = 0 [pid 3925] mkdir("./file0", 0777) = 0 [pid 3925] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3925] chdir("./file0") = 0 [pid 3925] ioctl(4, LOOP_CLR_FD) = 0 [pid 3925] close(4) = 0 [pid 3925] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3924] <... futex resumed>) = 0 [pid 3924] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3925] <... futex resumed>) = 1 [pid 3925] open(".", O_RDONLY) = 4 [pid 3925] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3924] <... futex resumed>) = 0 [pid 3924] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3925] <... futex resumed>) = 1 [pid 3925] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3925] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3925] sync( [pid 3924] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3924] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3924] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3926], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3926 [pid 3924] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3924] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3925] <... sync resumed>) = 0 [pid 3925] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3925] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3926 attached [pid 3926] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3926] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3924] <... futex resumed>) = 0 [pid 3926] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3924] exit_group(0 [pid 3926] <... futex resumed>) = ? [pid 3925] <... futex resumed>) = ? [pid 3924] <... exit_group resumed>) = ? [pid 3926] +++ exited with 0 +++ [pid 3925] +++ exited with 0 +++ [pid 3924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3924, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3927 ./strace-static-x86_64: Process 3927 attached [ 62.123428][ T3925] loop0: detected capacity change from 0 to 64 [pid 3927] set_robust_list(0x5555563795e0, 24) = 0 [pid 3927] chdir("./98") = 0 [pid 3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3927] setpgid(0, 0) = 0 [pid 3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3927] write(3, "1000", 4) = 4 [pid 3927] close(3) = 0 [pid 3927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3927] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3927] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3927] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3928 attached [pid 3928] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3928] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] <... clone resumed>, parent_tid=[3928], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3928 [pid 3927] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3928] <... futex resumed>) = 0 [pid 3928] memfd_create("syzkaller", 0 [pid 3927] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3928] <... memfd_create resumed>) = 3 [pid 3928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3928] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3928] close(3) = 0 [pid 3928] mkdir("./file0", 0777) = 0 [pid 3928] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3928] chdir("./file0") = 0 [pid 3928] ioctl(4, LOOP_CLR_FD) = 0 [pid 3928] close(4) = 0 [pid 3928] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3928] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] <... futex resumed>) = 0 [pid 3927] <... futex resumed>) = 1 [pid 3928] open(".", O_RDONLY [pid 3927] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] <... open resumed>) = 4 [pid 3928] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3927] <... futex resumed>) = 0 [pid 3928] <... mkdirat resumed>) = 0 [pid 3927] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3928] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3928] sync( [pid 3927] <... futex resumed>) = 0 [pid 3927] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3927] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3928] <... sync resumed>) = 0 [pid 3927] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3928] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3928] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3929 attached [pid 3927] <... clone resumed>, parent_tid=[3929], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3929 [pid 3929] set_robust_list(0x7fa6ebe889e0, 24 [pid 3927] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3929] <... set_robust_list resumed>) = 0 [pid 3927] <... futex resumed>) = 0 [pid 3929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3927] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3929] <... openat resumed>) = 5 [pid 3929] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3927] <... futex resumed>) = 0 [pid 3929] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3927] exit_group(0 [pid 3928] <... futex resumed>) = ? [pid 3927] <... exit_group resumed>) = ? [pid 3928] +++ exited with 0 +++ [pid 3929] <... futex resumed>) = ? [pid 3929] +++ exited with 0 +++ [pid 3927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3930 ./strace-static-x86_64: Process 3930 attached [pid 3930] set_robust_list(0x5555563795e0, 24) = 0 [pid 3930] chdir("./99") = 0 [pid 3930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 62.206762][ T3928] loop0: detected capacity change from 0 to 64 [pid 3930] setpgid(0, 0) = 0 [pid 3930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3930] write(3, "1000", 4) = 4 [pid 3930] close(3) = 0 [pid 3930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3930] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3930] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3930] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3931], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3931 [pid 3930] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3931 attached [pid 3931] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3931] memfd_create("syzkaller", 0) = 3 [pid 3931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3931] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3931] close(3) = 0 [pid 3931] mkdir("./file0", 0777) = 0 [pid 3931] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3931] chdir("./file0") = 0 [pid 3931] ioctl(4, LOOP_CLR_FD) = 0 [pid 3931] close(4) = 0 [pid 3931] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... futex resumed>) = 1 [pid 3931] open(".", O_RDONLY) = 4 [pid 3931] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... futex resumed>) = 1 [pid 3931] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3931] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3930] <... futex resumed>) = 0 [pid 3930] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3930] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3930] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3932], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3932 [pid 3930] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3930] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3931] <... futex resumed>) = 1 [pid 3931] sync(./strace-static-x86_64: Process 3932 attached [pid 3932] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3932] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3930] <... futex resumed>) = 0 [pid 3932] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3931] <... sync resumed>) = 0 [pid 3931] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3931] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3930] exit_group(0) = ? [pid 3932] <... futex resumed>) = ? [pid 3931] <... futex resumed>) = ? [pid 3931] +++ exited with 0 +++ [pid 3932] +++ exited with 0 +++ [pid 3930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3930, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.277033][ T3931] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3933 attached , child_tidptr=0x5555563795d0) = 3933 [pid 3933] set_robust_list(0x5555563795e0, 24) = 0 [pid 3933] chdir("./100") = 0 [pid 3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3933] setpgid(0, 0) = 0 [pid 3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3933] write(3, "1000", 4) = 4 [pid 3933] close(3) = 0 [pid 3933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3933] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3933] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3934 attached , parent_tid=[3934], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3934 [pid 3933] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3934] memfd_create("syzkaller", 0) = 3 [pid 3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3933] <... futex resumed>) = 0 [pid 3934] <... mmap resumed>) = 0x7fa6e3a00000 [pid 3933] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3934] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3934] close(3) = 0 [pid 3934] mkdir("./file0", 0777) = 0 [pid 3934] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3934] chdir("./file0") = 0 [pid 3934] ioctl(4, LOOP_CLR_FD) = 0 [pid 3934] close(4) = 0 [pid 3934] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 1 [pid 3934] open(".", O_RDONLY) = 4 [pid 3934] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 1 [pid 3934] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3934] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3933] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3935 attached , parent_tid=[3935], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3935 [pid 3933] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 1 [pid 3934] sync( [pid 3935] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3935] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3934] <... sync resumed>) = 0 [pid 3934] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3934] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3935] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3933] exit_group(0) = ? [pid 3934] <... futex resumed>) = ? [pid 3934] +++ exited with 0 +++ [pid 3935] +++ exited with 0 +++ [pid 3933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 [ 62.377096][ T3934] loop0: detected capacity change from 0 to 64 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3936 ./strace-static-x86_64: Process 3936 attached [pid 3936] set_robust_list(0x5555563795e0, 24) = 0 [pid 3936] chdir("./101") = 0 [pid 3936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3936] setpgid(0, 0) = 0 [pid 3936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3936] write(3, "1000", 4) = 4 [pid 3936] close(3) = 0 [pid 3936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3936] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3936] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3936] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3937 attached , parent_tid=[3937], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3937 [pid 3937] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3936] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3937] memfd_create("syzkaller", 0) = 3 [pid 3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3937] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3937] close(3) = 0 [pid 3937] mkdir("./file0", 0777) = 0 [pid 3937] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3937] chdir("./file0") = 0 [pid 3937] ioctl(4, LOOP_CLR_FD) = 0 [pid 3937] close(4) = 0 [pid 3937] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3936] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] open(".", O_RDONLY [pid 3936] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] <... open resumed>) = 4 [pid 3937] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3936] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3937] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3937] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3936] <... futex resumed>) = 0 [pid 3937] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3936] <... futex resumed>) = 0 [pid 3937] sync( [pid 3936] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3936] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3936] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3938], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3938 [pid 3936] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3936] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3938 attached [pid 3938] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3938] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3938] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3936] <... futex resumed>) = 0 [pid 3938] <... futex resumed>) = 1 [pid 3938] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3937] <... sync resumed>) = 0 [pid 3937] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3937] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3936] exit_group(0 [pid 3937] <... futex resumed>) = ? [pid 3936] <... exit_group resumed>) = ? [pid 3937] +++ exited with 0 +++ [pid 3938] <... futex resumed>) = ? [pid 3938] +++ exited with 0 +++ [pid 3936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3936, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 62.468570][ T3937] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3939 ./strace-static-x86_64: Process 3939 attached [pid 3939] set_robust_list(0x5555563795e0, 24) = 0 [pid 3939] chdir("./102") = 0 [pid 3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3939] setpgid(0, 0) = 0 [pid 3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3939] write(3, "1000", 4) = 4 [pid 3939] close(3) = 0 [pid 3939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3939] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3939] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3939] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3940], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3940 ./strace-static-x86_64: Process 3940 attached [pid 3939] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3940] set_robust_list(0x7fa6ebea99e0, 24 [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3940] <... set_robust_list resumed>) = 0 [pid 3940] memfd_create("syzkaller", 0) = 3 [pid 3940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3940] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3940] close(3) = 0 [pid 3940] mkdir("./file0", 0777) = 0 [pid 3940] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3940] chdir("./file0") = 0 [pid 3940] ioctl(4, LOOP_CLR_FD) = 0 [pid 3940] close(4) = 0 [pid 3940] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] <... futex resumed>) = 1 [pid 3940] open(".", O_RDONLY) = 4 [pid 3940] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] <... futex resumed>) = 1 [pid 3940] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3940] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] <... futex resumed>) = 0 [pid 3939] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3939] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3939] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3941], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3941 [pid 3939] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3939] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3940] <... futex resumed>) = 1 [pid 3940] sync(./strace-static-x86_64: Process 3941 attached [pid 3941] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3940] <... sync resumed>) = 0 [pid 3940] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3940] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3941] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3941] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3939] <... futex resumed>) = 0 [pid 3939] exit_group(0) = ? [pid 3940] <... futex resumed>) = ? [pid 3940] +++ exited with 0 +++ [pid 3941] <... futex resumed>) = ? [pid 3941] +++ exited with 0 +++ [pid 3939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 62.565471][ T3940] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3942 ./strace-static-x86_64: Process 3942 attached [pid 3942] set_robust_list(0x5555563795e0, 24) = 0 [pid 3942] chdir("./103") = 0 [pid 3942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3942] setpgid(0, 0) = 0 [pid 3942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3942] write(3, "1000", 4) = 4 [pid 3942] close(3) = 0 [pid 3942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3942] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3942] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3942] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3943 attached , parent_tid=[3943], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3943 [pid 3942] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3943] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3943] memfd_create("syzkaller", 0) = 3 [pid 3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3943] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3943] close(3) = 0 [pid 3943] mkdir("./file0", 0777) = 0 [pid 3943] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3943] chdir("./file0") = 0 [pid 3943] ioctl(4, LOOP_CLR_FD) = 0 [pid 3943] close(4) = 0 [pid 3943] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 1 [pid 3943] open(".", O_RDONLY) = 4 [pid 3943] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 1 [pid 3943] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3943] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3942] <... futex resumed>) = 0 [pid 3942] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3942] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3942] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3944], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3944 [pid 3942] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3942] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3943] <... futex resumed>) = 1 [pid 3943] sync(./strace-static-x86_64: Process 3944 attached [pid 3944] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3944] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3944] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3944] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3942] <... futex resumed>) = 0 [pid 3943] <... sync resumed>) = 0 [pid 3943] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3943] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3942] exit_group(0 [pid 3944] <... futex resumed>) = ? [pid 3942] <... exit_group resumed>) = ? [pid 3944] +++ exited with 0 +++ [pid 3943] <... futex resumed>) = ? [pid 3943] +++ exited with 0 +++ [pid 3942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3942, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 [ 62.647342][ T3943] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3945 ./strace-static-x86_64: Process 3945 attached [pid 3945] set_robust_list(0x5555563795e0, 24) = 0 [pid 3945] chdir("./104") = 0 [pid 3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3945] setpgid(0, 0) = 0 [pid 3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3945] write(3, "1000", 4) = 4 [pid 3945] close(3) = 0 [pid 3945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3945] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3945] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3945] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3946 attached [pid 3946] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3946] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] <... clone resumed>, parent_tid=[3946], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3946 [pid 3945] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] <... futex resumed>) = 0 [pid 3945] <... futex resumed>) = 1 [pid 3945] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3946] memfd_create("syzkaller", 0) = 3 [pid 3946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3946] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3946] close(3) = 0 [pid 3946] mkdir("./file0", 0777) = 0 [pid 3946] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3946] chdir("./file0") = 0 [pid 3946] ioctl(4, LOOP_CLR_FD) = 0 [pid 3946] close(4) = 0 [pid 3946] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3945] <... futex resumed>) = 0 [pid 3945] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] <... futex resumed>) = 1 [pid 3946] open(".", O_RDONLY) = 4 [pid 3946] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3945] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3946] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3946] sync( [pid 3945] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3945] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3945] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3947 attached , parent_tid=[3947], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3947 [pid 3946] <... sync resumed>) = 0 [pid 3945] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3946] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3945] <... futex resumed>) = 0 [pid 3946] <... futex resumed>) = 0 [pid 3945] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3946] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3947] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3947] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3947] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3945] <... futex resumed>) = 0 [pid 3947] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3945] exit_group(0) = ? [pid 3946] <... futex resumed>) = ? [pid 3946] +++ exited with 0 +++ [pid 3947] <... futex resumed>) = ? [pid 3947] +++ exited with 0 +++ [pid 3945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 62.737541][ T3946] loop0: detected capacity change from 0 to 64 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3948 ./strace-static-x86_64: Process 3948 attached [pid 3948] set_robust_list(0x5555563795e0, 24) = 0 [pid 3948] chdir("./105") = 0 [pid 3948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3948] setpgid(0, 0) = 0 [pid 3948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3948] write(3, "1000", 4) = 4 [pid 3948] close(3) = 0 [pid 3948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3948] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3948] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3948] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3949 attached , parent_tid=[3949], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3949 [pid 3949] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3948] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3949] memfd_create("syzkaller", 0) = 3 [pid 3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3949] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3949] close(3) = 0 [pid 3949] mkdir("./file0", 0777) = 0 [pid 3949] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3949] chdir("./file0") = 0 [pid 3949] ioctl(4, LOOP_CLR_FD) = 0 [pid 3949] close(4) = 0 [pid 3949] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3948] <... futex resumed>) = 0 [pid 3949] open(".", O_RDONLY [pid 3948] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] <... open resumed>) = 4 [pid 3949] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3948] <... futex resumed>) = 0 [pid 3949] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3948] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3949] <... mkdirat resumed>) = 0 [pid 3949] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3948] <... futex resumed>) = 0 [pid 3949] sync( [pid 3948] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3948] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3949] <... sync resumed>) = 0 [pid 3948] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 3949] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] <... clone resumed>, parent_tid=[3950], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3950 [pid 3949] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3948] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3948] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3950 attached [pid 3950] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3950] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3950] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3948] <... futex resumed>) = 0 [pid 3950] <... futex resumed>) = 1 [pid 3948] exit_group(0 [pid 3949] <... futex resumed>) = ? [pid 3948] <... exit_group resumed>) = ? [pid 3949] +++ exited with 0 +++ [pid 3950] +++ exited with 0 +++ [pid 3948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3948, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 62.833043][ T3949] loop0: detected capacity change from 0 to 64 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3951 ./strace-static-x86_64: Process 3951 attached [pid 3951] set_robust_list(0x5555563795e0, 24) = 0 [pid 3951] chdir("./106") = 0 [pid 3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3951] setpgid(0, 0) = 0 [pid 3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3951] write(3, "1000", 4) = 4 [pid 3951] close(3) = 0 [pid 3951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3951] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3951] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3951] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3952 attached , parent_tid=[3952], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3952 [pid 3952] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3952] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3952] <... futex resumed>) = 0 [pid 3951] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3952] memfd_create("syzkaller", 0) = 3 [pid 3952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3952] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3952] close(3) = 0 [pid 3952] mkdir("./file0", 0777) = 0 [pid 3952] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3952] chdir("./file0") = 0 [pid 3952] ioctl(4, LOOP_CLR_FD) = 0 [pid 3952] close(4) = 0 [pid 3952] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] <... futex resumed>) = 0 [pid 3951] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] <... futex resumed>) = 1 [pid 3951] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] open(".", O_RDONLY) = 4 [pid 3952] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] <... futex resumed>) = 0 [pid 3952] <... futex resumed>) = 1 [pid 3951] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3951] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3952] <... mkdirat resumed>) = 0 [pid 3952] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3951] <... futex resumed>) = 0 [pid 3952] <... futex resumed>) = 1 [pid 3951] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3952] sync( [pid 3951] <... futex resumed>) = 0 [pid 3951] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3951] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3951] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3953 attached [pid 3953] set_robust_list(0x7fa6ebe889e0, 24 [pid 3951] <... clone resumed>, parent_tid=[3953], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3953 [pid 3951] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3953] <... set_robust_list resumed>) = 0 [pid 3951] <... futex resumed>) = 0 [pid 3953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3951] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3953] <... openat resumed>) = 5 [pid 3953] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3953] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] <... futex resumed>) = 0 [pid 3952] <... sync resumed>) = 0 [pid 3952] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3952] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3951] exit_group(0) = ? [pid 3953] <... futex resumed>) = ? [pid 3953] +++ exited with 0 +++ [pid 3952] <... futex resumed>) = ? [pid 3952] +++ exited with 0 +++ [pid 3951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.912238][ T3952] loop0: detected capacity change from 0 to 64 lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3954 ./strace-static-x86_64: Process 3954 attached [pid 3954] set_robust_list(0x5555563795e0, 24) = 0 [pid 3954] chdir("./107") = 0 [pid 3954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3954] setpgid(0, 0) = 0 [pid 3954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3954] write(3, "1000", 4) = 4 [pid 3954] close(3) = 0 [pid 3954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3954] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3954] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3954] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3955 attached [pid 3955] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3954] <... clone resumed>, parent_tid=[3955], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3955 [pid 3955] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3955] memfd_create("syzkaller", 0) = 3 [pid 3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3955] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3955] close(3) = 0 [pid 3955] mkdir("./file0", 0777) = 0 [pid 3955] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3955] chdir("./file0") = 0 [pid 3955] ioctl(4, LOOP_CLR_FD) = 0 [pid 3955] close(4) = 0 [pid 3955] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] <... futex resumed>) = 1 [pid 3955] open(".", O_RDONLY) = 4 [pid 3955] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] <... futex resumed>) = 1 [pid 3955] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3955] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3954] <... futex resumed>) = 0 [pid 3954] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3954] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3954] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3956], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3956 [pid 3954] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3954] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3955] <... futex resumed>) = 1 [pid 3955] sync(./strace-static-x86_64: Process 3956 attached [pid 3956] set_robust_list(0x7fa6ebe889e0, 24 [pid 3955] <... sync resumed>) = 0 [pid 3955] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3956] <... set_robust_list resumed>) = 0 [pid 3956] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3956] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3954] <... futex resumed>) = 0 [pid 3956] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3954] exit_group(0 [pid 3955] <... futex resumed>) = ? [pid 3954] <... exit_group resumed>) = ? [pid 3956] <... futex resumed>) = ? [pid 3955] +++ exited with 0 +++ [pid 3956] +++ exited with 0 +++ [pid 3954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3954, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 [ 63.004963][ T3955] loop0: detected capacity change from 0 to 64 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3957 ./strace-static-x86_64: Process 3957 attached [pid 3957] set_robust_list(0x5555563795e0, 24) = 0 [pid 3957] chdir("./108") = 0 [pid 3957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3957] setpgid(0, 0) = 0 [pid 3957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3957] write(3, "1000", 4) = 4 [pid 3957] close(3) = 0 [pid 3957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3957] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3957] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3957] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3958 attached , parent_tid=[3958], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3958 [pid 3957] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3958] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3958] memfd_create("syzkaller", 0) = 3 [pid 3958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3958] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3958] close(3) = 0 [pid 3958] mkdir("./file0", 0777) = 0 [pid 3958] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3958] chdir("./file0") = 0 [pid 3958] ioctl(4, LOOP_CLR_FD) = 0 [pid 3958] close(4) = 0 [pid 3958] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3957] <... futex resumed>) = 0 [pid 3958] open(".", O_RDONLY [pid 3957] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... open resumed>) = 4 [pid 3957] <... futex resumed>) = 0 [pid 3958] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3958] <... futex resumed>) = 0 [pid 3957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3958] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3957] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3958] <... mkdirat resumed>) = 0 [pid 3957] <... futex resumed>) = 0 [pid 3958] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3958] <... futex resumed>) = 0 [pid 3957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3958] sync( [pid 3957] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3957] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3957] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3959], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3959 [pid 3957] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3957] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3959 attached [pid 3959] set_robust_list(0x7fa6ebe889e0, 24 [pid 3958] <... sync resumed>) = 0 [pid 3958] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3959] <... set_robust_list resumed>) = 0 [pid 3958] <... futex resumed>) = 0 [pid 3958] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3959] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3959] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3957] <... futex resumed>) = 0 [pid 3957] exit_group(0 [pid 3958] <... futex resumed>) = ? [pid 3957] <... exit_group resumed>) = ? [pid 3958] +++ exited with 0 +++ [pid 3959] <... futex resumed>) = ? [pid 3959] +++ exited with 0 +++ [pid 3957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3957, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 63.099983][ T3958] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3960 attached [pid 3960] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3960 [pid 3960] <... set_robust_list resumed>) = 0 [pid 3960] chdir("./109") = 0 [pid 3960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3960] setpgid(0, 0) = 0 [pid 3960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3960] write(3, "1000", 4) = 4 [pid 3960] close(3) = 0 [pid 3960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3960] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3960] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3960] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3961 attached , parent_tid=[3961], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3961 [pid 3961] set_robust_list(0x7fa6ebea99e0, 24 [pid 3960] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3961] <... set_robust_list resumed>) = 0 [pid 3960] <... futex resumed>) = 0 [pid 3960] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3961] memfd_create("syzkaller", 0) = 3 [pid 3961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3961] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3961] close(3) = 0 [pid 3961] mkdir("./file0", 0777) = 0 [pid 3961] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3961] chdir("./file0") = 0 [pid 3961] ioctl(4, LOOP_CLR_FD) = 0 [pid 3961] close(4) = 0 [pid 3961] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3960] <... futex resumed>) = 0 [pid 3961] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3960] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3960] <... futex resumed>) = 0 [pid 3961] open(".", O_RDONLY [pid 3960] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3961] <... open resumed>) = 4 [pid 3961] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3960] <... futex resumed>) = 0 [pid 3961] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3960] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3960] <... futex resumed>) = 0 [pid 3961] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3960] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3961] <... mkdirat resumed>) = 0 [pid 3961] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3960] <... futex resumed>) = 0 [pid 3961] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3960] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3960] <... futex resumed>) = 0 [pid 3961] sync( [pid 3960] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3960] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3960] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3962 attached [pid 3962] set_robust_list(0x7fa6ebe889e0, 24 [pid 3960] <... clone resumed>, parent_tid=[3962], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3962 [pid 3962] <... set_robust_list resumed>) = 0 [pid 3960] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3960] <... futex resumed>) = 0 [pid 3960] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3962] <... openat resumed>) = 5 [pid 3962] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3960] <... futex resumed>) = 0 [pid 3961] <... sync resumed>) = 0 [pid 3961] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3962] <... futex resumed>) = 1 [pid 3962] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3960] exit_group(0 [pid 3962] <... futex resumed>) = ? [pid 3961] <... futex resumed>) = ? [pid 3960] <... exit_group resumed>) = ? [pid 3962] +++ exited with 0 +++ [pid 3961] +++ exited with 0 +++ [pid 3960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3960, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 63.182578][ T3961] loop0: detected capacity change from 0 to 64 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3963 ./strace-static-x86_64: Process 3963 attached [pid 3963] set_robust_list(0x5555563795e0, 24) = 0 [pid 3963] chdir("./110") = 0 [pid 3963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3963] setpgid(0, 0) = 0 [pid 3963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3963] write(3, "1000", 4) = 4 [pid 3963] close(3) = 0 [pid 3963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3963] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3963] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3963] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3964 attached [pid 3964] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3964] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3963] <... clone resumed>, parent_tid=[3964], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3964 [pid 3963] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3964] <... futex resumed>) = 0 [pid 3963] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3964] memfd_create("syzkaller", 0) = 3 [pid 3964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3964] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3964] close(3) = 0 [pid 3964] mkdir("./file0", 0777) = 0 [pid 3964] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3964] chdir("./file0") = 0 [pid 3964] ioctl(4, LOOP_CLR_FD) = 0 [pid 3964] close(4) = 0 [pid 3964] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3963] <... futex resumed>) = 0 [pid 3963] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3964] <... futex resumed>) = 1 [pid 3964] open(".", O_RDONLY) = 4 [pid 3964] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3963] <... futex resumed>) = 0 [pid 3963] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3964] <... futex resumed>) = 1 [pid 3964] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3964] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3963] <... futex resumed>) = 0 [pid 3963] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3963] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3963] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3965], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3965 [pid 3963] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3963] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3964] <... futex resumed>) = 1 [pid 3964] sync() = 0 [pid 3964] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 3965 attached [pid 3965] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3965] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3964] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3965] <... openat resumed>) = 5 [pid 3965] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3963] <... futex resumed>) = 0 [pid 3965] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3963] exit_group(0 [pid 3965] <... futex resumed>) = ? [pid 3963] <... exit_group resumed>) = ? [pid 3965] +++ exited with 0 +++ [pid 3964] <... futex resumed>) = ? [pid 3964] +++ exited with 0 +++ [pid 3963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3963, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 63.269504][ T3964] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3966 ./strace-static-x86_64: Process 3966 attached [pid 3966] set_robust_list(0x5555563795e0, 24) = 0 [pid 3966] chdir("./111") = 0 [pid 3966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3966] setpgid(0, 0) = 0 [pid 3966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3966] write(3, "1000", 4) = 4 [pid 3966] close(3) = 0 [pid 3966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3966] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3966] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3966] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3967 attached , parent_tid=[3967], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3967 [pid 3966] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3966] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3967] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3967] memfd_create("syzkaller", 0) = 3 [pid 3967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3967] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3967] close(3) = 0 [pid 3967] mkdir("./file0", 0777) = 0 [pid 3967] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3967] chdir("./file0") = 0 [pid 3967] ioctl(4, LOOP_CLR_FD) = 0 [pid 3967] close(4) = 0 [pid 3967] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3967] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3966] <... futex resumed>) = 0 [pid 3966] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3966] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3967] <... futex resumed>) = 0 [pid 3967] open(".", O_RDONLY) = 4 [pid 3967] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3966] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] <... futex resumed>) = 0 [pid 3966] <... futex resumed>) = 1 [pid 3967] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3966] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3967] <... mkdirat resumed>) = 0 [pid 3967] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3966] <... futex resumed>) = 0 [pid 3967] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3966] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3967] <... futex resumed>) = 0 [pid 3966] <... futex resumed>) = 1 [pid 3967] sync( [pid 3966] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3966] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3966] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3968], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3968 [pid 3966] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3966] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3967] <... sync resumed>) = 0 [pid 3967] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3967] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3968 attached [pid 3968] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3968] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3968] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3966] <... futex resumed>) = 0 [pid 3968] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3966] exit_group(0 [pid 3968] <... futex resumed>) = ? [pid 3967] <... futex resumed>) = ? [pid 3966] <... exit_group resumed>) = ? [pid 3967] +++ exited with 0 +++ [pid 3968] +++ exited with 0 +++ [pid 3966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3966, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3969 [ 63.376915][ T3967] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 3969 attached [pid 3969] set_robust_list(0x5555563795e0, 24) = 0 [pid 3969] chdir("./112") = 0 [pid 3969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3969] setpgid(0, 0) = 0 [pid 3969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3969] write(3, "1000", 4) = 4 [pid 3969] close(3) = 0 [pid 3969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3969] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3969] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3969] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3970 attached , parent_tid=[3970], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3970 [pid 3970] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3970] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3969] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3970] <... futex resumed>) = 0 [pid 3969] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3970] memfd_create("syzkaller", 0) = 3 [pid 3970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3970] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3970] close(3) = 0 [pid 3970] mkdir("./file0", 0777) = 0 [pid 3970] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3970] chdir("./file0") = 0 [pid 3970] ioctl(4, LOOP_CLR_FD) = 0 [pid 3970] close(4) = 0 [pid 3970] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3969] <... futex resumed>) = 0 [pid 3969] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3970] open(".", O_RDONLY) = 4 [pid 3970] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3969] <... futex resumed>) = 0 [pid 3969] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3970] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3970] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3969] <... futex resumed>) = 0 [pid 3969] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3969] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 3970] sync( [pid 3969] <... mprotect resumed>) = 0 [pid 3969] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3971], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3971 [pid 3969] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3969] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3971 attached [pid 3971] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3971] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3971] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3969] <... futex resumed>) = 0 [pid 3971] <... futex resumed>) = 1 [pid 3970] <... sync resumed>) = 0 [pid 3970] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3970] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3971] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3969] exit_group(0 [pid 3970] <... futex resumed>) = ? [pid 3969] <... exit_group resumed>) = ? [pid 3970] +++ exited with 0 +++ [pid 3971] <... futex resumed>) = ? [pid 3971] +++ exited with 0 +++ [pid 3969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3969, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 63.464951][ T3970] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3972 ./strace-static-x86_64: Process 3972 attached [pid 3972] set_robust_list(0x5555563795e0, 24) = 0 [pid 3972] chdir("./113") = 0 [pid 3972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3972] setpgid(0, 0) = 0 [pid 3972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3972] write(3, "1000", 4) = 4 [pid 3972] close(3) = 0 [pid 3972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3972] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3972] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3972] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3973], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3973 ./strace-static-x86_64: Process 3973 attached [pid 3972] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3973] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3973] memfd_create("syzkaller", 0) = 3 [pid 3973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3973] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3973] close(3) = 0 [pid 3973] mkdir("./file0", 0777) = 0 [pid 3973] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3973] chdir("./file0") = 0 [pid 3973] ioctl(4, LOOP_CLR_FD) = 0 [pid 3973] close(4) = 0 [pid 3973] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3972] <... futex resumed>) = 0 [pid 3972] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3973] open(".", O_RDONLY) = 4 [pid 3973] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3972] <... futex resumed>) = 0 [pid 3972] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3973] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3973] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3972] <... futex resumed>) = 0 [pid 3972] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3973] sync( [pid 3972] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3972] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3972] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3974], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3974 [pid 3972] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3972] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3974 attached [pid 3974] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3974] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3973] <... sync resumed>) = 0 [pid 3973] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3973] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3974] <... openat resumed>) = 5 [pid 3974] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3972] <... futex resumed>) = 0 [pid 3972] exit_group(0 [pid 3973] <... futex resumed>) = ? [pid 3972] <... exit_group resumed>) = ? [pid 3973] +++ exited with 0 +++ [pid 3974] <... futex resumed>) = ? [pid 3974] +++ exited with 0 +++ [pid 3972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3972, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 [ 63.542027][ T3973] loop0: detected capacity change from 0 to 64 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3975 attached [pid 3975] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 3975 [pid 3975] <... set_robust_list resumed>) = 0 [pid 3975] chdir("./114") = 0 [pid 3975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3975] setpgid(0, 0) = 0 [pid 3975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3975] write(3, "1000", 4) = 4 [pid 3975] close(3) = 0 [pid 3975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3975] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3975] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3975] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3976], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3976 ./strace-static-x86_64: Process 3976 attached [pid 3975] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3976] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3976] memfd_create("syzkaller", 0) = 3 [pid 3976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3975] <... futex resumed>) = 0 [pid 3975] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3976] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3976] close(3) = 0 [pid 3976] mkdir("./file0", 0777) = 0 [pid 3976] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3976] chdir("./file0") = 0 [pid 3976] ioctl(4, LOOP_CLR_FD) = 0 [pid 3976] close(4) = 0 [pid 3976] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3975] <... futex resumed>) = 0 [pid 3975] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3975] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3976] open(".", O_RDONLY) = 4 [pid 3976] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3975] <... futex resumed>) = 0 [pid 3975] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3975] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3976] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3976] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3975] <... futex resumed>) = 0 [pid 3976] sync( [pid 3975] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3975] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3975] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3975] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3977 attached [pid 3977] set_robust_list(0x7fa6ebe889e0, 24 [pid 3975] <... clone resumed>, parent_tid=[3977], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3977 [pid 3977] <... set_robust_list resumed>) = 0 [pid 3976] <... sync resumed>) = 0 [pid 3975] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3976] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3975] <... futex resumed>) = 0 [pid 3976] <... futex resumed>) = 0 [pid 3975] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3976] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3977] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3975] <... futex resumed>) = 0 [pid 3975] exit_group(0 [pid 3977] ????() = ? [pid 3976] <... futex resumed>) = ? [pid 3975] <... exit_group resumed>) = ? [pid 3977] +++ exited with 0 +++ [pid 3976] +++ exited with 0 +++ [pid 3975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3975, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 63.626430][ T3976] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3978 ./strace-static-x86_64: Process 3978 attached [pid 3978] set_robust_list(0x5555563795e0, 24) = 0 [pid 3978] chdir("./115") = 0 [pid 3978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3978] setpgid(0, 0) = 0 [pid 3978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3978] write(3, "1000", 4) = 4 [pid 3978] close(3) = 0 [pid 3978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3978] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3978] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3978] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3979], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3979 [pid 3978] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3979 attached [pid 3979] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3979] memfd_create("syzkaller", 0) = 3 [pid 3979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3979] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3979] close(3) = 0 [pid 3979] mkdir("./file0", 0777) = 0 [pid 3979] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3979] chdir("./file0") = 0 [pid 3979] ioctl(4, LOOP_CLR_FD) = 0 [pid 3979] close(4) = 0 [pid 3979] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3978] <... futex resumed>) = 0 [pid 3979] open(".", O_RDONLY [pid 3978] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3979] <... open resumed>) = 4 [pid 3978] <... futex resumed>) = 0 [pid 3979] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3979] <... futex resumed>) = 0 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3979] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 3978] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3979] <... mkdirat resumed>) = 0 [pid 3978] <... futex resumed>) = 0 [pid 3978] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3979] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3978] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3979] <... futex resumed>) = 0 [pid 3978] <... futex resumed>) = 0 [pid 3978] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3979] sync( [pid 3978] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3978] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3978] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3980 attached , parent_tid=[3980], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3980 [pid 3978] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3980] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3980] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3980] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3978] <... futex resumed>) = 0 [pid 3980] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3979] <... sync resumed>) = 0 [pid 3979] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] exit_group(0 [pid 3980] <... futex resumed>) = ? [pid 3978] <... exit_group resumed>) = ? [pid 3979] <... futex resumed>) = ? [pid 3980] +++ exited with 0 +++ [pid 3979] +++ exited with 0 +++ [pid 3978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3978, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 63.723254][ T3979] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3981 attached , child_tidptr=0x5555563795d0) = 3981 [pid 3981] set_robust_list(0x5555563795e0, 24) = 0 [pid 3981] chdir("./116") = 0 [pid 3981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3981] setpgid(0, 0) = 0 [pid 3981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3981] write(3, "1000", 4) = 4 [pid 3981] close(3) = 0 [pid 3981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3981] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3981] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3981] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3982], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3982 [pid 3981] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3982 attached [pid 3982] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3982] memfd_create("syzkaller", 0) = 3 [pid 3982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3982] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3982] close(3) = 0 [pid 3982] mkdir("./file0", 0777) = 0 [pid 3982] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3982] chdir("./file0") = 0 [pid 3982] ioctl(4, LOOP_CLR_FD) = 0 [pid 3982] close(4) = 0 [pid 3982] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3981] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3982] <... futex resumed>) = 1 [pid 3982] open(".", O_RDONLY) = 4 [pid 3982] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3981] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3982] <... futex resumed>) = 1 [pid 3982] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3982] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3981] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3981] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3981] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3983], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3983 [pid 3981] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3981] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3982] <... futex resumed>) = 1 [pid 3982] sync() = 0 [pid 3982] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3982] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3983 attached [pid 3983] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3983] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3983] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3981] <... futex resumed>) = 0 [pid 3981] exit_group(0) = ? [pid 3982] <... futex resumed>) = ? [pid 3982] +++ exited with 0 +++ [pid 3983] <... futex resumed>) = ? [pid 3983] +++ exited with 0 +++ [pid 3981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3981, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3984 ./strace-static-x86_64: Process 3984 attached [pid 3984] set_robust_list(0x5555563795e0, 24) = 0 [pid 3984] chdir("./117") = 0 [pid 3984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3984] setpgid(0, 0) = 0 [pid 3984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3984] write(3, "1000", 4) = 4 [pid 3984] close(3) = 0 [pid 3984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3984] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3984] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3984] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3985], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3985 [pid 3984] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3985 attached [pid 3985] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3985] memfd_create("syzkaller", 0) = 3 [pid 3985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [ 63.818963][ T3982] loop0: detected capacity change from 0 to 64 [pid 3985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3985] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3985] close(3) = 0 [pid 3985] mkdir("./file0", 0777) = 0 [pid 3985] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3985] chdir("./file0") = 0 [pid 3985] ioctl(4, LOOP_CLR_FD) = 0 [pid 3985] close(4) = 0 [pid 3985] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = 0 [pid 3984] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3985] <... futex resumed>) = 1 [pid 3985] open(".", O_RDONLY) = 4 [pid 3985] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = 0 [pid 3984] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3985] <... futex resumed>) = 1 [pid 3985] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3985] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = 0 [pid 3984] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3984] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3984] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3986], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3986 [pid 3984] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3984] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3985] <... futex resumed>) = 1 [pid 3985] sync(./strace-static-x86_64: Process 3986 attached [pid 3986] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3986] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3986] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3984] <... futex resumed>) = 0 [pid 3986] <... futex resumed>) = 1 [pid 3986] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3985] <... sync resumed>) = 0 [pid 3985] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3985] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3984] exit_group(0 [pid 3986] <... futex resumed>) = ? [pid 3985] <... futex resumed>) = ? [pid 3984] <... exit_group resumed>) = ? [pid 3986] +++ exited with 0 +++ [pid 3985] +++ exited with 0 +++ [pid 3984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3984, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 [ 63.881688][ T3985] loop0: detected capacity change from 0 to 64 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3987 ./strace-static-x86_64: Process 3987 attached [pid 3987] set_robust_list(0x5555563795e0, 24) = 0 [pid 3987] chdir("./118") = 0 [pid 3987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3987] setpgid(0, 0) = 0 [pid 3987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3987] write(3, "1000", 4) = 4 [pid 3987] close(3) = 0 [pid 3987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3987] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3987] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3987] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3988 attached [pid 3988] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3987] <... clone resumed>, parent_tid=[3988], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3988 [pid 3987] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3988] memfd_create("syzkaller", 0) = 3 [pid 3988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3988] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3988] close(3) = 0 [pid 3988] mkdir("./file0", 0777) = 0 [pid 3988] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3988] chdir("./file0") = 0 [pid 3988] ioctl(4, LOOP_CLR_FD) = 0 [pid 3988] close(4) = 0 [pid 3988] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3987] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3988] <... futex resumed>) = 1 [pid 3988] open(".", O_RDONLY) = 4 [pid 3988] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3987] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3988] <... futex resumed>) = 1 [pid 3988] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3988] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3987] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3987] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3987] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3989], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3989 [pid 3987] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3987] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3988] <... futex resumed>) = 1 [pid 3988] sync(./strace-static-x86_64: Process 3989 attached [pid 3989] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3989] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3989] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3987] <... futex resumed>) = 0 [pid 3989] <... futex resumed>) = 1 [pid 3989] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3988] <... sync resumed>) = 0 [pid 3988] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3988] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3987] exit_group(0 [pid 3989] <... futex resumed>) = ? [pid 3987] <... exit_group resumed>) = ? [pid 3989] +++ exited with 0 +++ [pid 3988] <... futex resumed>) = ? [pid 3988] +++ exited with 0 +++ [pid 3987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3987, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 63.976251][ T3988] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3990 ./strace-static-x86_64: Process 3990 attached [pid 3990] set_robust_list(0x5555563795e0, 24) = 0 [pid 3990] chdir("./119") = 0 [pid 3990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3990] setpgid(0, 0) = 0 [pid 3990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3990] write(3, "1000", 4) = 4 [pid 3990] close(3) = 0 [pid 3990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3990] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3990] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3990] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3991 attached [pid 3991] set_robust_list(0x7fa6ebea99e0, 24 [pid 3990] <... clone resumed>, parent_tid=[3991], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3991 [pid 3990] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3991] <... set_robust_list resumed>) = 0 [pid 3991] memfd_create("syzkaller", 0) = 3 [pid 3991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3991] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3991] close(3) = 0 [pid 3991] mkdir("./file0", 0777) = 0 [pid 3991] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3991] chdir("./file0") = 0 [pid 3991] ioctl(4, LOOP_CLR_FD) = 0 [pid 3991] close(4) = 0 [pid 3991] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... futex resumed>) = 0 [pid 3990] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3991] <... futex resumed>) = 1 [pid 3991] open(".", O_RDONLY) = 4 [pid 3991] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... futex resumed>) = 0 [pid 3990] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3991] <... futex resumed>) = 1 [pid 3991] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3991] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3990] <... futex resumed>) = 0 [pid 3990] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3990] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3990] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3992], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3992 [pid 3990] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3990] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3991] <... futex resumed>) = 1 [pid 3991] sync(./strace-static-x86_64: Process 3992 attached [pid 3992] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3992] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3992] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3991] <... sync resumed>) = 0 [pid 3991] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3991] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3992] <... futex resumed>) = 1 [pid 3990] <... futex resumed>) = 0 [pid 3990] exit_group(0) = ? [pid 3991] <... futex resumed>) = ? [pid 3992] +++ exited with 0 +++ [pid 3991] +++ exited with 0 +++ [pid 3990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3990, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 64.057386][ T3991] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3993 ./strace-static-x86_64: Process 3993 attached [pid 3993] set_robust_list(0x5555563795e0, 24) = 0 [pid 3993] chdir("./120") = 0 [pid 3993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3993] setpgid(0, 0) = 0 [pid 3993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3993] write(3, "1000", 4) = 4 [pid 3993] close(3) = 0 [pid 3993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3993] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3993] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3993] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3994 attached , parent_tid=[3994], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3994 [pid 3993] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3994] set_robust_list(0x7fa6ebea99e0, 24 [pid 3993] <... futex resumed>) = 0 [pid 3993] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3994] <... set_robust_list resumed>) = 0 [pid 3994] memfd_create("syzkaller", 0) = 3 [pid 3994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3994] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3994] close(3) = 0 [pid 3994] mkdir("./file0", 0777) = 0 [pid 3994] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3994] chdir("./file0") = 0 [pid 3994] ioctl(4, LOOP_CLR_FD) = 0 [pid 3994] close(4) = 0 [pid 3994] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3993] <... futex resumed>) = 0 [pid 3993] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3993] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3994] <... futex resumed>) = 1 [pid 3994] open(".", O_RDONLY) = 4 [pid 3994] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3993] <... futex resumed>) = 0 [pid 3993] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3993] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3994] <... futex resumed>) = 1 [pid 3994] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3994] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3993] <... futex resumed>) = 0 [pid 3993] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3993] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3994] <... futex resumed>) = 1 [pid 3993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3994] sync( [pid 3993] <... mmap resumed>) = 0x7fa6ebe68000 [pid 3993] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3993] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3995], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3995 [pid 3993] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3993] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3995 attached [pid 3995] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3995] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 3995] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3993] <... futex resumed>) = 0 [pid 3994] <... sync resumed>) = 0 [pid 3994] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3994] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3995] <... futex resumed>) = 1 [pid 3995] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3993] exit_group(0 [pid 3995] <... futex resumed>) = ? [pid 3994] <... futex resumed>) = ? [pid 3993] <... exit_group resumed>) = ? [pid 3995] +++ exited with 0 +++ [pid 3994] +++ exited with 0 +++ [pid 3993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3993, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 64.145882][ T3994] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3996 attached , child_tidptr=0x5555563795d0) = 3996 [pid 3996] set_robust_list(0x5555563795e0, 24) = 0 [pid 3996] chdir("./121") = 0 [pid 3996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3996] setpgid(0, 0) = 0 [pid 3996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3996] write(3, "1000", 4) = 4 [pid 3996] close(3) = 0 [pid 3996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3996] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3996] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3996] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3997 attached , parent_tid=[3997], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 3997 [pid 3997] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3997] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3996] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3997] <... futex resumed>) = 0 [pid 3997] memfd_create("syzkaller", 0 [pid 3996] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3997] <... memfd_create resumed>) = 3 [pid 3997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 3997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 3997] munmap(0x7fa6e3a00000, 32768) = 0 [pid 3997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3997] close(3) = 0 [pid 3997] mkdir("./file0", 0777) = 0 [pid 3997] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 3997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3997] chdir("./file0") = 0 [pid 3997] ioctl(4, LOOP_CLR_FD) = 0 [pid 3997] close(4) = 0 [pid 3997] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3996] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3997] open(".", O_RDONLY) = 4 [pid 3997] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3996] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3997] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 3997] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3997] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3996] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3997] <... futex resumed>) = 0 [pid 3996] <... futex resumed>) = 1 [pid 3997] sync( [pid 3996] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3996] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3996] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3998 attached , parent_tid=[3998], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 3998 [pid 3996] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3996] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 3997] <... sync resumed>) = 0 [pid 3998] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 3997] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] <... openat resumed>) = 5 [pid 3997] <... futex resumed>) = 0 [pid 3998] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3997] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3998] <... futex resumed>) = 1 [pid 3996] <... futex resumed>) = 0 [pid 3998] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3996] exit_group(0 [pid 3998] <... futex resumed>) = ? [pid 3997] <... futex resumed>) = ? [pid 3996] <... exit_group resumed>) = ? [pid 3998] +++ exited with 0 +++ [pid 3997] +++ exited with 0 +++ [pid 3996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3996, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 [ 64.234255][ T3997] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 3999 ./strace-static-x86_64: Process 3999 attached [pid 3999] set_robust_list(0x5555563795e0, 24) = 0 [pid 3999] chdir("./122") = 0 [pid 3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3999] setpgid(0, 0) = 0 [pid 3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3999] write(3, "1000", 4) = 4 [pid 3999] close(3) = 0 [pid 3999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3999] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 3999] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3999] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4000 attached , parent_tid=[4000], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4000 [pid 4000] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 3999] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] memfd_create("syzkaller", 0 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... memfd_create resumed>) = 3 [pid 3999] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4000] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4000] close(3) = 0 [pid 4000] mkdir("./file0", 0777) = 0 [pid 4000] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4000] chdir("./file0") = 0 [pid 4000] ioctl(4, LOOP_CLR_FD) = 0 [pid 4000] close(4) = 0 [pid 4000] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] <... futex resumed>) = 0 [pid 4000] open(".", O_RDONLY [pid 3999] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... open resumed>) = 4 [pid 4000] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4000] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 3999] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3999] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4001 attached , parent_tid=[4001], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4001 [pid 3999] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4001] set_robust_list(0x7fa6ebe889e0, 24 [pid 3999] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4001] <... set_robust_list resumed>) = 0 [pid 4001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4000] sync( [pid 4001] <... openat resumed>) = 5 [pid 4001] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4001] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] <... futex resumed>) = 0 [pid 4000] <... sync resumed>) = 0 [pid 4000] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4000] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] exit_group(0) = ? [pid 4001] <... futex resumed>) = ? [pid 4001] +++ exited with 0 +++ [pid 4000] <... futex resumed>) = ? [pid 4000] +++ exited with 0 +++ [pid 3999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 64.317319][ T4000] loop0: detected capacity change from 0 to 64 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4002 ./strace-static-x86_64: Process 4002 attached [pid 4002] set_robust_list(0x5555563795e0, 24) = 0 [pid 4002] chdir("./123") = 0 [pid 4002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4002] setpgid(0, 0) = 0 [pid 4002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4002] write(3, "1000", 4) = 4 [pid 4002] close(3) = 0 [pid 4002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4002] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4002] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4002] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4003 attached [pid 4003] set_robust_list(0x7fa6ebea99e0, 24 [pid 4002] <... clone resumed>, parent_tid=[4003], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4003 [pid 4003] <... set_robust_list resumed>) = 0 [pid 4002] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4003] memfd_create("syzkaller", 0) = 3 [pid 4003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4003] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4003] close(3) = 0 [pid 4003] mkdir("./file0", 0777) = 0 [pid 4003] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4003] chdir("./file0") = 0 [pid 4003] ioctl(4, LOOP_CLR_FD) = 0 [pid 4003] close(4) = 0 [pid 4003] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] <... futex resumed>) = 0 [pid 4003] <... futex resumed>) = 1 [pid 4002] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] open(".", O_RDONLY [pid 4002] <... futex resumed>) = 0 [pid 4003] <... open resumed>) = 4 [pid 4002] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4003] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4002] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4003] <... mkdirat resumed>) = 0 [pid 4002] <... futex resumed>) = 0 [pid 4003] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4002] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4003] <... futex resumed>) = 0 [pid 4002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4003] sync( [pid 4002] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4002] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4002] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4004 attached , parent_tid=[4004], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4004 [pid 4004] set_robust_list(0x7fa6ebe889e0, 24 [pid 4002] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4004] <... set_robust_list resumed>) = 0 [pid 4002] <... futex resumed>) = 0 [pid 4004] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4002] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4004] <... openat resumed>) = 5 [pid 4003] <... sync resumed>) = 0 [pid 4003] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4003] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4004] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4002] <... futex resumed>) = 0 [pid 4004] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4002] exit_group(0 [pid 4003] <... futex resumed>) = ? [pid 4002] <... exit_group resumed>) = ? [pid 4003] +++ exited with 0 +++ [pid 4004] <... futex resumed>) = ? [pid 4004] +++ exited with 0 +++ [pid 4002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4002, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 64.407460][ T4003] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4005 attached , child_tidptr=0x5555563795d0) = 4005 [pid 4005] set_robust_list(0x5555563795e0, 24) = 0 [pid 4005] chdir("./124") = 0 [pid 4005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4005] setpgid(0, 0) = 0 [pid 4005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4005] write(3, "1000", 4) = 4 [pid 4005] close(3) = 0 [pid 4005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4005] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4005] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4005] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4006 attached , parent_tid=[4006], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4006 [pid 4006] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4006] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4006] <... futex resumed>) = 0 [pid 4006] memfd_create("syzkaller", 0 [pid 4005] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4006] <... memfd_create resumed>) = 3 [pid 4006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4006] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4006] close(3) = 0 [pid 4006] mkdir("./file0", 0777) = 0 [pid 4006] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4006] chdir("./file0") = 0 [pid 4006] ioctl(4, LOOP_CLR_FD) = 0 [pid 4006] close(4) = 0 [pid 4006] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4006] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] <... futex resumed>) = 0 [pid 4005] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] <... futex resumed>) = 0 [pid 4006] open(".", O_RDONLY) = 4 [pid 4006] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4005] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4006] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4006] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4005] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4005] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4005] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4007 attached [pid 4007] set_robust_list(0x7fa6ebe889e0, 24 [pid 4006] sync( [pid 4005] <... clone resumed>, parent_tid=[4007], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4007 [pid 4007] <... set_robust_list resumed>) = 0 [pid 4005] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4005] <... futex resumed>) = 0 [pid 4005] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4007] <... openat resumed>) = 5 [pid 4007] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4005] <... futex resumed>) = 0 [pid 4007] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4006] <... sync resumed>) = 0 [pid 4006] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4006] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4005] exit_group(0 [pid 4007] <... futex resumed>) = ? [pid 4006] <... futex resumed>) = ? [pid 4005] <... exit_group resumed>) = ? [pid 4007] +++ exited with 0 +++ [pid 4006] +++ exited with 0 +++ [pid 4005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4005, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 [ 64.510227][ T4006] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4008 attached , child_tidptr=0x5555563795d0) = 4008 [pid 4008] set_robust_list(0x5555563795e0, 24) = 0 [pid 4008] chdir("./125") = 0 [pid 4008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4008] setpgid(0, 0) = 0 [pid 4008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4008] write(3, "1000", 4) = 4 [pid 4008] close(3) = 0 [pid 4008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4008] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4008] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4008] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4009], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4009 ./strace-static-x86_64: Process 4009 attached [pid 4008] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4009] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4009] memfd_create("syzkaller", 0) = 3 [pid 4009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4009] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4009] close(3) = 0 [pid 4009] mkdir("./file0", 0777) = 0 [pid 4009] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4009] chdir("./file0") = 0 [pid 4009] ioctl(4, LOOP_CLR_FD) = 0 [pid 4009] close(4) = 0 [pid 4009] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4009] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4008] <... futex resumed>) = 0 [pid 4009] open(".", O_RDONLY [pid 4008] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] <... open resumed>) = 4 [pid 4009] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4009] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4008] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4009] <... mkdirat resumed>) = 0 [pid 4008] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4009] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4009] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4008] <... futex resumed>) = 0 [pid 4009] sync( [pid 4008] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4008] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4008] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4010], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4010 [pid 4008] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4008] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4010 attached [pid 4009] <... sync resumed>) = 0 [pid 4009] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4010] set_robust_list(0x7fa6ebe889e0, 24 [pid 4009] <... futex resumed>) = 0 [pid 4010] <... set_robust_list resumed>) = 0 [pid 4009] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4010] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4008] <... futex resumed>) = 0 [pid 4010] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4008] exit_group(0 [pid 4010] <... futex resumed>) = ? [pid 4009] <... futex resumed>) = ? [pid 4008] <... exit_group resumed>) = ? [pid 4009] +++ exited with 0 +++ [pid 4010] +++ exited with 0 +++ [pid 4008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4008, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.596228][ T4009] loop0: detected capacity change from 0 to 64 lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4011 attached , child_tidptr=0x5555563795d0) = 4011 [pid 4011] set_robust_list(0x5555563795e0, 24) = 0 [pid 4011] chdir("./126") = 0 [pid 4011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4011] setpgid(0, 0) = 0 [pid 4011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4011] write(3, "1000", 4) = 4 [pid 4011] close(3) = 0 [pid 4011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4011] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4011] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4011] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4012 attached [pid 4012] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4012] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4011] <... clone resumed>, parent_tid=[4012], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4012 [pid 4011] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4012] <... futex resumed>) = 0 [pid 4011] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4012] memfd_create("syzkaller", 0) = 3 [pid 4012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4012] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4012] close(3) = 0 [pid 4012] mkdir("./file0", 0777) = 0 [pid 4012] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4012] chdir("./file0") = 0 [pid 4012] ioctl(4, LOOP_CLR_FD) = 0 [pid 4012] close(4) = 0 [pid 4012] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4011] <... futex resumed>) = 0 [pid 4011] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] <... futex resumed>) = 1 [pid 4012] open(".", O_RDONLY) = 4 [pid 4012] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4011] <... futex resumed>) = 0 [pid 4011] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4012] <... futex resumed>) = 1 [pid 4012] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4012] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4011] <... futex resumed>) = 0 [pid 4011] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4011] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4011] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4012] <... futex resumed>) = 1 [pid 4012] sync( [pid 4011] <... clone resumed>, parent_tid=[4013], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4013 [pid 4011] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4011] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4013 attached [pid 4013] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4012] <... sync resumed>) = 0 [pid 4012] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4012] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4013] <... openat resumed>) = 5 [pid 4013] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4011] <... futex resumed>) = 0 [pid 4011] exit_group(0 [pid 4012] <... futex resumed>) = ? [pid 4011] <... exit_group resumed>) = ? [pid 4012] +++ exited with 0 +++ [pid 4013] +++ exited with 0 +++ [pid 4011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4011, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4014 ./strace-static-x86_64: Process 4014 attached [pid 4014] set_robust_list(0x5555563795e0, 24) = 0 [pid 4014] chdir("./127") = 0 [pid 4014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4014] setpgid(0, 0) = 0 [ 64.705252][ T4012] loop0: detected capacity change from 0 to 64 [pid 4014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4014] write(3, "1000", 4) = 4 [pid 4014] close(3) = 0 [pid 4014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4014] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4014] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4014] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4015], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4015 [pid 4014] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4015 attached [pid 4015] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4015] memfd_create("syzkaller", 0) = 3 [pid 4015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4015] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4015] close(3) = 0 [pid 4015] mkdir("./file0", 0777) = 0 [pid 4015] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4015] chdir("./file0") = 0 [pid 4015] ioctl(4, LOOP_CLR_FD) = 0 [pid 4015] close(4) = 0 [pid 4015] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... futex resumed>) = 1 [pid 4015] open(".", O_RDONLY) = 4 [pid 4015] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... futex resumed>) = 1 [pid 4015] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4015] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] <... futex resumed>) = 0 [pid 4014] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4014] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4014] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4016], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4016 [pid 4014] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4014] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4015] <... futex resumed>) = 1 [pid 4015] sync(./strace-static-x86_64: Process 4016 attached [pid 4016] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4016] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4016] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4014] <... futex resumed>) = 0 [pid 4016] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4015] <... sync resumed>) = 0 [pid 4015] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4014] exit_group(0) = ? [pid 4015] <... futex resumed>) = ? [pid 4015] +++ exited with 0 +++ [pid 4016] <... futex resumed>) = ? [pid 4016] +++ exited with 0 +++ [pid 4014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4014, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 [ 64.775062][ T4015] loop0: detected capacity change from 0 to 64 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4017 ./strace-static-x86_64: Process 4017 attached [pid 4017] set_robust_list(0x5555563795e0, 24) = 0 [pid 4017] chdir("./128") = 0 [pid 4017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4017] setpgid(0, 0) = 0 [pid 4017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4017] write(3, "1000", 4) = 4 [pid 4017] close(3) = 0 [pid 4017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4017] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4017] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4017] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4018], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4018 [pid 4017] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4018 attached [pid 4018] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4018] memfd_create("syzkaller", 0) = 3 [pid 4018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4018] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4018] close(3) = 0 [pid 4018] mkdir("./file0", 0777) = 0 [pid 4018] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4018] chdir("./file0") = 0 [pid 4018] ioctl(4, LOOP_CLR_FD) = 0 [pid 4018] close(4) = 0 [pid 4018] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] <... futex resumed>) = 0 [pid 4018] open(".", O_RDONLY [pid 4017] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... open resumed>) = 4 [pid 4017] <... futex resumed>) = 0 [pid 4018] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 0 [pid 4017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4018] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4017] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4018] <... mkdirat resumed>) = 0 [pid 4017] <... futex resumed>) = 0 [pid 4018] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4017] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] <... futex resumed>) = 0 [pid 4017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4018] sync( [pid 4017] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4017] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4017] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4019], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4019 [pid 4017] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4019 attached [pid 4018] <... sync resumed>) = 0 [pid 4017] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4018] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4018] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4019] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4019] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4017] <... futex resumed>) = 0 [pid 4017] exit_group(0 [pid 4018] <... futex resumed>) = ? [pid 4017] <... exit_group resumed>) = ? [pid 4018] +++ exited with 0 +++ [pid 4019] +++ exited with 0 +++ [pid 4017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4017, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4020 ./strace-static-x86_64: Process 4020 attached [pid 4020] set_robust_list(0x5555563795e0, 24) = 0 [pid 4020] chdir("./129") = 0 [pid 4020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4020] setpgid(0, 0) = 0 [ 64.860858][ T4018] loop0: detected capacity change from 0 to 64 [pid 4020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4020] write(3, "1000", 4) = 4 [pid 4020] close(3) = 0 [pid 4020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4020] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4020] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4020] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4021], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4021 ./strace-static-x86_64: Process 4021 attached [pid 4021] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4021] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4021] <... futex resumed>) = 0 [pid 4020] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4021] memfd_create("syzkaller", 0) = 3 [pid 4021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4021] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4021] close(3) = 0 [pid 4021] mkdir("./file0", 0777) = 0 [pid 4021] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4021] chdir("./file0") = 0 [pid 4021] ioctl(4, LOOP_CLR_FD) = 0 [pid 4021] close(4) = 0 [pid 4021] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4021] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... futex resumed>) = 0 [pid 4020] <... futex resumed>) = 1 [pid 4021] open(".", O_RDONLY) = 4 [pid 4021] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4021] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4020] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... futex resumed>) = 0 [pid 4020] <... futex resumed>) = 1 [pid 4021] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4020] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4021] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4020] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... futex resumed>) = 0 [pid 4020] <... futex resumed>) = 1 [pid 4021] sync( [pid 4020] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4020] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4020] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4022 attached [pid 4022] set_robust_list(0x7fa6ebe889e0, 24 [pid 4020] <... clone resumed>, parent_tid=[4022], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4022 [pid 4021] <... sync resumed>) = 0 [pid 4021] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4021] <... futex resumed>) = 0 [pid 4020] <... futex resumed>) = 0 [pid 4021] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4022] <... set_robust_list resumed>) = 0 [pid 4022] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4022] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4022] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4020] exit_group(0 [pid 4022] <... futex resumed>) = ? [pid 4021] <... futex resumed>) = ? [pid 4020] <... exit_group resumed>) = ? [pid 4021] +++ exited with 0 +++ [pid 4022] +++ exited with 0 +++ [pid 4020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4020, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 64.941599][ T4021] loop0: detected capacity change from 0 to 64 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4023 ./strace-static-x86_64: Process 4023 attached [pid 4023] set_robust_list(0x5555563795e0, 24) = 0 [pid 4023] chdir("./130") = 0 [pid 4023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4023] setpgid(0, 0) = 0 [pid 4023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4023] write(3, "1000", 4) = 4 [pid 4023] close(3) = 0 [pid 4023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4023] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4023] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4023] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4024 attached , parent_tid=[4024], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4024 [pid 4023] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4024] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4023] <... futex resumed>) = 0 [pid 4024] memfd_create("syzkaller", 0 [pid 4023] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4024] <... memfd_create resumed>) = 3 [pid 4024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4024] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4024] close(3) = 0 [pid 4024] mkdir("./file0", 0777) = 0 [pid 4024] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4024] chdir("./file0") = 0 [pid 4024] ioctl(4, LOOP_CLR_FD) = 0 [pid 4024] close(4) = 0 [pid 4024] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4023] <... futex resumed>) = 0 [pid 4024] open(".", O_RDONLY [pid 4023] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4024] <... open resumed>) = 4 [pid 4023] <... futex resumed>) = 0 [pid 4023] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4024] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4024] <... futex resumed>) = 0 [pid 4023] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4023] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4024] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4024] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4023] <... futex resumed>) = 0 [pid 4023] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4023] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4023] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4023] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4025 attached , parent_tid=[4025], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4025 [pid 4023] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4025] set_robust_list(0x7fa6ebe889e0, 24 [pid 4023] <... futex resumed>) = 0 [pid 4023] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4025] <... set_robust_list resumed>) = 0 [pid 4024] sync( [pid 4025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4025] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4023] <... futex resumed>) = 0 [pid 4025] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4024] <... sync resumed>) = 0 [pid 4024] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4023] exit_group(0 [pid 4025] <... futex resumed>) = ? [pid 4023] <... exit_group resumed>) = ? [pid 4025] +++ exited with 0 +++ [pid 4024] <... futex resumed>) = ? [pid 4024] +++ exited with 0 +++ [pid 4023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4023, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 65.047990][ T4024] loop0: detected capacity change from 0 to 64 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4026 ./strace-static-x86_64: Process 4026 attached [pid 4026] set_robust_list(0x5555563795e0, 24) = 0 [pid 4026] chdir("./131") = 0 [pid 4026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4026] setpgid(0, 0) = 0 [pid 4026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4026] write(3, "1000", 4) = 4 [pid 4026] close(3) = 0 [pid 4026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4026] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4026] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4026] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4027 attached [pid 4027] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4027] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4026] <... clone resumed>, parent_tid=[4027], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4027 [pid 4026] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4027] <... futex resumed>) = 0 [pid 4026] <... futex resumed>) = 1 [pid 4027] memfd_create("syzkaller", 0 [pid 4026] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4027] <... memfd_create resumed>) = 3 [pid 4027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4027] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4027] close(3) = 0 [pid 4027] mkdir("./file0", 0777) = 0 [pid 4027] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4027] chdir("./file0") = 0 [pid 4027] ioctl(4, LOOP_CLR_FD) = 0 [pid 4027] close(4) = 0 [pid 4027] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4026] <... futex resumed>) = 0 [pid 4026] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4026] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4027] <... futex resumed>) = 1 [pid 4027] open(".", O_RDONLY) = 4 [pid 4027] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4026] <... futex resumed>) = 0 [pid 4026] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4026] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4027] <... futex resumed>) = 1 [pid 4027] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4027] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4026] <... futex resumed>) = 0 [pid 4026] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4026] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4026] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4026] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4028], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4028 [pid 4026] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4026] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4027] <... futex resumed>) = 1 [pid 4027] sync(./strace-static-x86_64: Process 4028 attached [pid 4028] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4028] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4027] <... sync resumed>) = 0 [pid 4027] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4027] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4028] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4026] <... futex resumed>) = 0 [pid 4026] exit_group(0) = ? [pid 4028] <... futex resumed>) = ? [pid 4028] +++ exited with 0 +++ [pid 4027] <... futex resumed>) = ? [pid 4027] +++ exited with 0 +++ [pid 4026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4026, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 [ 65.149582][ T4027] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4029 ./strace-static-x86_64: Process 4029 attached [pid 4029] set_robust_list(0x5555563795e0, 24) = 0 [pid 4029] chdir("./132") = 0 [pid 4029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4029] setpgid(0, 0) = 0 [pid 4029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4029] write(3, "1000", 4) = 4 [pid 4029] close(3) = 0 [pid 4029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4029] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4029] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4029] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4030 attached , parent_tid=[4030], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4030 [pid 4029] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4030] set_robust_list(0x7fa6ebea99e0, 24 [pid 4029] <... futex resumed>) = 0 [pid 4030] <... set_robust_list resumed>) = 0 [pid 4029] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4030] memfd_create("syzkaller", 0) = 3 [pid 4030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4030] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4030] close(3) = 0 [pid 4030] mkdir("./file0", 0777) = 0 [pid 4030] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4030] chdir("./file0") = 0 [pid 4030] ioctl(4, LOOP_CLR_FD) = 0 [pid 4030] close(4) = 0 [pid 4030] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4029] <... futex resumed>) = 0 [pid 4030] open(".", O_RDONLY [pid 4029] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4029] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4030] <... open resumed>) = 4 [pid 4030] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4029] <... futex resumed>) = 0 [pid 4030] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4029] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4029] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4030] <... mkdirat resumed>) = 0 [pid 4030] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4029] <... futex resumed>) = 0 [pid 4030] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4029] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4029] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4029] <... futex resumed>) = 0 [pid 4030] sync( [pid 4029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4029] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4029] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4031 attached , parent_tid=[4031], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4031 [pid 4031] set_robust_list(0x7fa6ebe889e0, 24 [pid 4029] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4031] <... set_robust_list resumed>) = 0 [pid 4029] <... futex resumed>) = 0 [pid 4031] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4029] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4031] <... openat resumed>) = 5 [pid 4031] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4029] <... futex resumed>) = 0 [pid 4031] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4030] <... sync resumed>) = 0 [pid 4030] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4030] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4029] exit_group(0 [pid 4031] <... futex resumed>) = ? [pid 4030] <... futex resumed>) = ? [pid 4029] <... exit_group resumed>) = ? [pid 4030] +++ exited with 0 +++ [pid 4031] +++ exited with 0 +++ [pid 4029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4029, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 [ 65.242353][ T4030] loop0: detected capacity change from 0 to 64 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4032 ./strace-static-x86_64: Process 4032 attached [pid 4032] set_robust_list(0x5555563795e0, 24) = 0 [pid 4032] chdir("./133") = 0 [pid 4032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4032] setpgid(0, 0) = 0 [pid 4032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4032] write(3, "1000", 4) = 4 [pid 4032] close(3) = 0 [pid 4032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4032] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4032] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4032] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4033 attached [pid 4033] set_robust_list(0x7fa6ebea99e0, 24 [pid 4032] <... clone resumed>, parent_tid=[4033], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4033 [pid 4032] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4033] <... set_robust_list resumed>) = 0 [pid 4033] memfd_create("syzkaller", 0) = 3 [pid 4033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4033] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4033] close(3) = 0 [pid 4033] mkdir("./file0", 0777) = 0 [pid 4033] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4033] chdir("./file0") = 0 [pid 4033] ioctl(4, LOOP_CLR_FD) = 0 [pid 4033] close(4) = 0 [pid 4033] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4032] <... futex resumed>) = 0 [pid 4032] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] open(".", O_RDONLY [pid 4032] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4033] <... open resumed>) = 4 [pid 4033] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4032] <... futex resumed>) = 0 [pid 4033] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4032] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4033] <... mkdirat resumed>) = 0 [pid 4032] <... futex resumed>) = 0 [pid 4032] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4033] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4033] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4032] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4033] <... futex resumed>) = 0 [pid 4032] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4033] sync( [pid 4032] <... futex resumed>) = 0 [pid 4032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4032] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4032] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4034 attached , parent_tid=[4034], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4034 [pid 4032] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4032] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4033] <... sync resumed>) = 0 [pid 4033] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4034] set_robust_list(0x7fa6ebe889e0, 24 [pid 4033] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4034] <... set_robust_list resumed>) = 0 [pid 4034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4034] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4032] <... futex resumed>) = 0 [pid 4032] exit_group(0) = ? [pid 4033] <... futex resumed>) = ? [pid 4033] +++ exited with 0 +++ [pid 4034] +++ exited with 0 +++ [pid 4032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4032, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 65.342017][ T4033] loop0: detected capacity change from 0 to 64 lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4035 ./strace-static-x86_64: Process 4035 attached [pid 4035] set_robust_list(0x5555563795e0, 24) = 0 [pid 4035] chdir("./134") = 0 [pid 4035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4035] setpgid(0, 0) = 0 [pid 4035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4035] write(3, "1000", 4) = 4 [pid 4035] close(3) = 0 [pid 4035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4035] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4035] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4035] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4036 attached , parent_tid=[4036], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4036 [pid 4036] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4036] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4035] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4036] <... futex resumed>) = 0 [pid 4035] <... futex resumed>) = 1 [pid 4036] memfd_create("syzkaller", 0 [pid 4035] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4036] <... memfd_create resumed>) = 3 [pid 4036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4036] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4036] close(3) = 0 [pid 4036] mkdir("./file0", 0777) = 0 [pid 4036] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4036] chdir("./file0") = 0 [pid 4036] ioctl(4, LOOP_CLR_FD) = 0 [pid 4036] close(4) = 0 [pid 4036] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4036] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4035] <... futex resumed>) = 0 [pid 4035] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4035] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4036] <... futex resumed>) = 0 [pid 4036] open(".", O_RDONLY) = 4 [pid 4036] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4035] <... futex resumed>) = 0 [pid 4035] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4035] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4036] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4036] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4035] <... futex resumed>) = 0 [pid 4035] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4035] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4035] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4035] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4037], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4037 [pid 4036] sync( [pid 4035] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4035] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4037 attached [pid 4037] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4037] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4035] <... futex resumed>) = 0 [pid 4037] <... futex resumed>) = 1 [pid 4037] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4036] <... sync resumed>) = 0 [pid 4036] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4035] exit_group(0) = ? [pid 4037] <... futex resumed>) = ? [pid 4037] +++ exited with 0 +++ [pid 4036] <... futex resumed>) = ? [pid 4036] +++ exited with 0 +++ [pid 4035] +++ exited with 0 +++ [ 65.451171][ T4036] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4035, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4038 ./strace-static-x86_64: Process 4038 attached [pid 4038] set_robust_list(0x5555563795e0, 24) = 0 [pid 4038] chdir("./135") = 0 [pid 4038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4038] setpgid(0, 0) = 0 [pid 4038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4038] write(3, "1000", 4) = 4 [pid 4038] close(3) = 0 [pid 4038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4038] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4038] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4038] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4039 attached , parent_tid=[4039], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4039 [pid 4039] set_robust_list(0x7fa6ebea99e0, 24 [pid 4038] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... set_robust_list resumed>) = 0 [pid 4038] <... futex resumed>) = 0 [pid 4039] memfd_create("syzkaller", 0 [pid 4038] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4039] <... memfd_create resumed>) = 3 [pid 4039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4039] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4039] close(3) = 0 [pid 4039] mkdir("./file0", 0777) = 0 [pid 4039] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4039] chdir("./file0") = 0 [pid 4039] ioctl(4, LOOP_CLR_FD) = 0 [pid 4039] close(4) = 0 [pid 4039] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4038] <... futex resumed>) = 0 [pid 4039] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4038] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4038] <... futex resumed>) = 0 [pid 4039] open(".", O_RDONLY [pid 4038] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4039] <... open resumed>) = 4 [pid 4039] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4038] <... futex resumed>) = 0 [pid 4039] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4038] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4038] <... futex resumed>) = 0 [pid 4039] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4038] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4039] <... mkdirat resumed>) = 0 [pid 4039] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4038] <... futex resumed>) = 0 [pid 4039] sync( [pid 4038] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4038] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4038] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4038] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4040 attached , parent_tid=[4040], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4040 [pid 4040] set_robust_list(0x7fa6ebe889e0, 24 [pid 4038] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4040] <... set_robust_list resumed>) = 0 [pid 4038] <... futex resumed>) = 0 [pid 4040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4039] <... sync resumed>) = 0 [pid 4038] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4040] <... openat resumed>) = 5 [pid 4039] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4040] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4039] <... futex resumed>) = 0 [pid 4040] <... futex resumed>) = 1 [pid 4038] <... futex resumed>) = 0 [pid 4040] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4039] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4038] exit_group(0 [pid 4040] <... futex resumed>) = ? [pid 4039] <... futex resumed>) = ? [pid 4038] <... exit_group resumed>) = ? [pid 4040] +++ exited with 0 +++ [pid 4039] +++ exited with 0 +++ [pid 4038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4038, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 [ 65.555497][ T4039] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4041 ./strace-static-x86_64: Process 4041 attached [pid 4041] set_robust_list(0x5555563795e0, 24) = 0 [pid 4041] chdir("./136") = 0 [pid 4041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4041] setpgid(0, 0) = 0 [pid 4041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4041] write(3, "1000", 4) = 4 [pid 4041] close(3) = 0 [pid 4041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4041] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4041] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4041] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4042 attached , parent_tid=[4042], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4042 [pid 4042] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4042] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4041] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4041] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4042] memfd_create("syzkaller", 0) = 3 [pid 4042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4042] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4042] close(3) = 0 [pid 4042] mkdir("./file0", 0777) = 0 [pid 4042] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4042] chdir("./file0") = 0 [pid 4042] ioctl(4, LOOP_CLR_FD) = 0 [pid 4042] close(4) = 0 [pid 4042] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] open(".", O_RDONLY) = 4 [pid 4042] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4042] <... futex resumed>) = 1 [pid 4041] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4042] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4041] <... futex resumed>) = 0 [pid 4042] <... mkdirat resumed>) = 0 [pid 4041] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4042] sync( [pid 4041] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4041] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4041] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4043], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4043 ./strace-static-x86_64: Process 4043 attached [pid 4041] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4043] set_robust_list(0x7fa6ebe889e0, 24 [pid 4041] <... futex resumed>) = 0 [pid 4043] <... set_robust_list resumed>) = 0 [pid 4041] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4042] <... sync resumed>) = 0 [pid 4042] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4043] <... openat resumed>) = 5 [pid 4043] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4043] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4041] exit_group(0 [pid 4042] <... futex resumed>) = ? [pid 4041] <... exit_group resumed>) = ? [pid 4043] <... futex resumed>) = ? [pid 4042] +++ exited with 0 +++ [pid 4043] +++ exited with 0 +++ [pid 4041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4041, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 [ 65.648309][ T4042] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4044 ./strace-static-x86_64: Process 4044 attached [pid 4044] set_robust_list(0x5555563795e0, 24) = 0 [pid 4044] chdir("./137") = 0 [pid 4044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4044] setpgid(0, 0) = 0 [pid 4044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4044] write(3, "1000", 4) = 4 [pid 4044] close(3) = 0 [pid 4044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4044] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4044] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4044] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4045 attached , parent_tid=[4045], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4045 [pid 4044] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4045] set_robust_list(0x7fa6ebea99e0, 24 [pid 4044] <... futex resumed>) = 0 [pid 4045] <... set_robust_list resumed>) = 0 [pid 4044] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4045] memfd_create("syzkaller", 0) = 3 [pid 4045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4045] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4045] close(3) = 0 [pid 4045] mkdir("./file0", 0777) = 0 [pid 4045] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4045] chdir("./file0") = 0 [pid 4045] ioctl(4, LOOP_CLR_FD) = 0 [pid 4045] close(4) = 0 [pid 4045] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4044] <... futex resumed>) = 0 [pid 4044] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] open(".", O_RDONLY [pid 4044] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4045] <... open resumed>) = 4 [pid 4045] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4044] <... futex resumed>) = 0 [pid 4044] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4045] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4044] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4045] <... mkdirat resumed>) = 0 [pid 4045] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4044] <... futex resumed>) = 0 [pid 4045] sync( [pid 4044] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4044] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4044] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4044] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4046 attached [pid 4045] <... sync resumed>) = 0 [pid 4044] <... clone resumed>, parent_tid=[4046], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4046 [pid 4046] set_robust_list(0x7fa6ebe889e0, 24 [pid 4045] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] <... set_robust_list resumed>) = 0 [pid 4045] <... futex resumed>) = 0 [pid 4044] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4045] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4044] <... futex resumed>) = 0 [pid 4044] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4046] <... openat resumed>) = 5 [pid 4046] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4044] <... futex resumed>) = 0 [ 65.732766][ T4045] loop0: detected capacity change from 0 to 64 [pid 4046] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4044] exit_group(0 [pid 4046] <... futex resumed>) = ? [pid 4045] <... futex resumed>) = ? [pid 4044] <... exit_group resumed>) = ? [pid 4046] +++ exited with 0 +++ [pid 4045] +++ exited with 0 +++ [pid 4044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4044, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4047 ./strace-static-x86_64: Process 4047 attached [pid 4047] set_robust_list(0x5555563795e0, 24) = 0 [pid 4047] chdir("./138") = 0 [pid 4047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4047] setpgid(0, 0) = 0 [pid 4047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4047] write(3, "1000", 4) = 4 [pid 4047] close(3) = 0 [pid 4047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4047] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4047] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4047] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4048 attached , parent_tid=[4048], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4048 [pid 4047] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4048] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4048] memfd_create("syzkaller", 0) = 3 [pid 4048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4048] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4048] close(3) = 0 [pid 4048] mkdir("./file0", 0777) = 0 [pid 4048] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4048] chdir("./file0") = 0 [pid 4048] ioctl(4, LOOP_CLR_FD) = 0 [pid 4048] close(4) = 0 [pid 4048] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4047] <... futex resumed>) = 0 [pid 4048] open(".", O_RDONLY [pid 4047] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4048] <... open resumed>) = 4 [pid 4047] <... futex resumed>) = 0 [pid 4048] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4047] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4048] <... futex resumed>) = 0 [pid 4047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4048] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4047] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4048] <... mkdirat resumed>) = 0 [pid 4047] <... futex resumed>) = 0 [pid 4048] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4047] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4048] <... futex resumed>) = 0 [pid 4047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4048] sync( [pid 4047] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4047] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4047] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4049], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4049 [pid 4047] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4047] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4049 attached [pid 4049] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4048] <... sync resumed>) = 0 [pid 4048] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4048] <... futex resumed>) = 0 [pid 4048] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4049] <... openat resumed>) = 5 [pid 4049] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4047] <... futex resumed>) = 0 [pid 4047] exit_group(0) = ? [pid 4049] <... futex resumed>) = ? [pid 4049] +++ exited with 0 +++ [pid 4048] <... futex resumed>) = ? [pid 4048] +++ exited with 0 +++ [pid 4047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4047, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 65.841423][ T4048] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4050 ./strace-static-x86_64: Process 4050 attached [pid 4050] set_robust_list(0x5555563795e0, 24) = 0 [pid 4050] chdir("./139") = 0 [pid 4050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4050] setpgid(0, 0) = 0 [pid 4050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4050] write(3, "1000", 4) = 4 [pid 4050] close(3) = 0 [pid 4050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4050] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4050] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4050] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4051 attached , parent_tid=[4051], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4051 [pid 4051] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4051] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4050] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4051] <... futex resumed>) = 0 [pid 4050] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4051] memfd_create("syzkaller", 0) = 3 [pid 4051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4051] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4051] close(3) = 0 [pid 4051] mkdir("./file0", 0777) = 0 [pid 4051] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4051] chdir("./file0") = 0 [pid 4051] ioctl(4, LOOP_CLR_FD) = 0 [pid 4051] close(4) = 0 [pid 4051] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4050] <... futex resumed>) = 0 [pid 4050] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4050] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4051] <... futex resumed>) = 1 [pid 4051] open(".", O_RDONLY) = 4 [pid 4051] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4050] <... futex resumed>) = 0 [pid 4050] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4050] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4051] <... futex resumed>) = 1 [pid 4051] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4051] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4050] <... futex resumed>) = 0 [pid 4050] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4050] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4050] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4050] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4052], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4052 ./strace-static-x86_64: Process 4052 attached [pid 4050] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4050] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4051] <... futex resumed>) = 1 [pid 4051] sync( [pid 4052] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4051] <... sync resumed>) = 0 [pid 4052] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4051] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4051] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4050] <... futex resumed>) = 0 [pid 4050] exit_group(0) = ? [pid 4052] <... futex resumed>) = ? [pid 4051] <... futex resumed>) = ? [pid 4052] +++ exited with 0 +++ [pid 4051] +++ exited with 0 +++ [pid 4050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4050, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 [ 65.917582][ T4051] loop0: detected capacity change from 0 to 64 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4053 ./strace-static-x86_64: Process 4053 attached [pid 4053] set_robust_list(0x5555563795e0, 24) = 0 [pid 4053] chdir("./140") = 0 [pid 4053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4053] setpgid(0, 0) = 0 [pid 4053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4053] write(3, "1000", 4) = 4 [pid 4053] close(3) = 0 [pid 4053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4053] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4053] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4053] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4054], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4054 [pid 4053] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4054 attached [pid 4054] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4054] memfd_create("syzkaller", 0) = 3 [pid 4054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4054] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4054] close(3) = 0 [pid 4054] mkdir("./file0", 0777) = 0 [pid 4054] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4054] chdir("./file0") = 0 [pid 4054] ioctl(4, LOOP_CLR_FD) = 0 [pid 4054] close(4) = 0 [pid 4054] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] <... futex resumed>) = 0 [pid 4053] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4054] open(".", O_RDONLY) = 4 [pid 4054] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] <... futex resumed>) = 0 [pid 4054] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4053] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4054] <... mkdirat resumed>) = 0 [pid 4054] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] <... futex resumed>) = 0 [pid 4054] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4053] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4053] <... futex resumed>) = 0 [pid 4053] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4054] sync( [pid 4053] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4053] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4053] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4055 attached , parent_tid=[4055], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4055 [pid 4055] set_robust_list(0x7fa6ebe889e0, 24 [pid 4053] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4053] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4055] <... set_robust_list resumed>) = 0 [pid 4055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4055] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4053] <... futex resumed>) = 0 [pid 4054] <... sync resumed>) = 0 [pid 4054] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4054] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4055] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4053] exit_group(0) = ? [pid 4054] <... futex resumed>) = ? [pid 4054] +++ exited with 0 +++ [pid 4055] <... futex resumed>) = ? [pid 4055] +++ exited with 0 +++ [pid 4053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4053, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 [ 66.012633][ T4054] loop0: detected capacity change from 0 to 64 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4056 ./strace-static-x86_64: Process 4056 attached [pid 4056] set_robust_list(0x5555563795e0, 24) = 0 [pid 4056] chdir("./141") = 0 [pid 4056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4056] setpgid(0, 0) = 0 [pid 4056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4056] write(3, "1000", 4) = 4 [pid 4056] close(3) = 0 [pid 4056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4056] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4056] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4056] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4057 attached [pid 4057] set_robust_list(0x7fa6ebea99e0, 24 [pid 4056] <... clone resumed>, parent_tid=[4057], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4057 [pid 4057] <... set_robust_list resumed>) = 0 [pid 4057] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4056] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4057] memfd_create("syzkaller", 0 [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4057] <... memfd_create resumed>) = 3 [pid 4057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4057] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4057] close(3) = 0 [pid 4057] mkdir("./file0", 0777) = 0 [pid 4057] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4057] chdir("./file0") = 0 [pid 4057] ioctl(4, LOOP_CLR_FD) = 0 [pid 4057] close(4) = 0 [pid 4057] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4057] <... futex resumed>) = 1 [pid 4057] open(".", O_RDONLY) = 4 [pid 4057] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4057] <... futex resumed>) = 1 [pid 4057] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4057] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4056] <... futex resumed>) = 0 [pid 4056] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4056] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4057] <... futex resumed>) = 1 [pid 4056] <... mprotect resumed>) = 0 [pid 4057] sync( [pid 4056] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4058], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4058 [pid 4056] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4056] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4058 attached [pid 4058] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4058] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4056] <... futex resumed>) = 0 [pid 4058] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4057] <... sync resumed>) = 0 [pid 4057] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4057] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4056] exit_group(0 [pid 4058] <... futex resumed>) = ? [pid 4057] <... futex resumed>) = ? [pid 4056] <... exit_group resumed>) = ? [pid 4058] +++ exited with 0 +++ [pid 4057] +++ exited with 0 +++ [pid 4056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4056, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4059 ./strace-static-x86_64: Process 4059 attached [pid 4059] set_robust_list(0x5555563795e0, 24) = 0 [ 66.091891][ T4057] loop0: detected capacity change from 0 to 64 [pid 4059] chdir("./142") = 0 [pid 4059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4059] setpgid(0, 0) = 0 [pid 4059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4059] write(3, "1000", 4) = 4 [pid 4059] close(3) = 0 [pid 4059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4059] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4059] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4059] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4060 attached [pid 4060] set_robust_list(0x7fa6ebea99e0, 24 [pid 4059] <... clone resumed>, parent_tid=[4060], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4060 [pid 4060] <... set_robust_list resumed>) = 0 [pid 4059] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4060] memfd_create("syzkaller", 0) = 3 [pid 4060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4060] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4060] close(3) = 0 [pid 4060] mkdir("./file0", 0777) = 0 [pid 4060] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4060] chdir("./file0") = 0 [pid 4060] ioctl(4, LOOP_CLR_FD) = 0 [pid 4060] close(4) = 0 [pid 4060] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] <... futex resumed>) = 0 [pid 4059] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4060] <... futex resumed>) = 1 [pid 4060] open(".", O_RDONLY) = 4 [pid 4060] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4059] <... futex resumed>) = 0 [pid 4059] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4060] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4060] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4059] <... futex resumed>) = 0 [pid 4059] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4059] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4060] sync( [pid 4059] <... mprotect resumed>) = 0 [pid 4059] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4061], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4061 [pid 4059] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4061 attached [pid 4061] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4061] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4059] <... futex resumed>) = 0 [pid 4061] <... futex resumed>) = 1 [pid 4061] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4060] <... sync resumed>) = 0 [pid 4060] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4059] exit_group(0) = ? [pid 4061] <... futex resumed>) = ? [pid 4061] +++ exited with 0 +++ [pid 4060] +++ exited with 0 +++ [pid 4059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4059, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 [ 66.164201][ T4060] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4062 ./strace-static-x86_64: Process 4062 attached [pid 4062] set_robust_list(0x5555563795e0, 24) = 0 [pid 4062] chdir("./143") = 0 [pid 4062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4062] setpgid(0, 0) = 0 [pid 4062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4062] write(3, "1000", 4) = 4 [pid 4062] close(3) = 0 [pid 4062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4062] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4062] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4062] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4063 attached [pid 4063] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4062] <... clone resumed>, parent_tid=[4063], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4063 [pid 4063] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4062] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] memfd_create("syzkaller", 0 [pid 4062] <... futex resumed>) = 0 [pid 4063] <... memfd_create resumed>) = 3 [pid 4063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4062] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4063] <... mmap resumed>) = 0x7fa6e3a00000 [pid 4063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4063] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4063] close(3) = 0 [pid 4063] mkdir("./file0", 0777) = 0 [pid 4063] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4063] chdir("./file0") = 0 [pid 4063] ioctl(4, LOOP_CLR_FD) = 0 [pid 4063] close(4) = 0 [pid 4063] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4062] <... futex resumed>) = 0 [pid 4062] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] open(".", O_RDONLY [pid 4062] <... futex resumed>) = 0 [pid 4063] <... open resumed>) = 4 [pid 4062] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4063] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4063] <... futex resumed>) = 0 [pid 4062] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4062] <... futex resumed>) = 0 [pid 4062] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4063] <... mkdirat resumed>) = 0 [pid 4063] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4062] <... futex resumed>) = 0 [pid 4063] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4062] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4062] <... futex resumed>) = 0 [pid 4063] sync( [pid 4062] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4062] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4063] <... sync resumed>) = 0 [pid 4063] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4062] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4064 attached [pid 4063] <... futex resumed>) = 0 [pid 4064] set_robust_list(0x7fa6ebe889e0, 24 [pid 4062] <... clone resumed>, parent_tid=[4064], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4064 [pid 4064] <... set_robust_list resumed>) = 0 [pid 4062] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4062] <... futex resumed>) = 0 [pid 4063] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4062] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] <... openat resumed>) = 5 [pid 4064] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4062] <... futex resumed>) = 0 [pid 4064] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4062] exit_group(0 [pid 4064] <... futex resumed>) = ? [pid 4063] <... futex resumed>) = ? [pid 4062] <... exit_group resumed>) = ? [pid 4063] +++ exited with 0 +++ [pid 4064] +++ exited with 0 +++ [pid 4062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4062, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 [ 66.245970][ T4063] loop0: detected capacity change from 0 to 64 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4065 ./strace-static-x86_64: Process 4065 attached [pid 4065] set_robust_list(0x5555563795e0, 24) = 0 [pid 4065] chdir("./144") = 0 [pid 4065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4065] setpgid(0, 0) = 0 [pid 4065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4065] write(3, "1000", 4) = 4 [pid 4065] close(3) = 0 [pid 4065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4065] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4065] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4065] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4066 attached [pid 4066] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4066] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4065] <... clone resumed>, parent_tid=[4066], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4066 [pid 4065] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4066] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4066] memfd_create("syzkaller", 0) = 3 [pid 4066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4066] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4066] close(3) = 0 [pid 4066] mkdir("./file0", 0777) = 0 [pid 4066] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4066] chdir("./file0") = 0 [pid 4066] ioctl(4, LOOP_CLR_FD) = 0 [pid 4066] close(4) = 0 [pid 4066] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] open(".", O_RDONLY [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4066] <... open resumed>) = 4 [pid 4066] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4066] <... mkdirat resumed>) = 0 [pid 4066] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4066] sync( [pid 4065] <... futex resumed>) = 0 [pid 4065] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4065] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4065] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4067], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4067 [pid 4065] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4065] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4067 attached [pid 4067] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4067] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4067] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] <... futex resumed>) = 0 [pid 4067] <... futex resumed>) = 1 [pid 4067] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4066] <... sync resumed>) = 0 [pid 4066] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4065] exit_group(0) = ? [pid 4067] <... futex resumed>) = ? [pid 4067] +++ exited with 0 +++ [pid 4066] <... futex resumed>) = ? [pid 4066] +++ exited with 0 +++ [pid 4065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4065, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 66.345575][ T4066] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4068 ./strace-static-x86_64: Process 4068 attached [pid 4068] set_robust_list(0x5555563795e0, 24) = 0 [pid 4068] chdir("./145") = 0 [pid 4068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4068] setpgid(0, 0) = 0 [pid 4068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4068] write(3, "1000", 4) = 4 [pid 4068] close(3) = 0 [pid 4068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4068] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4068] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4068] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4069], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4069 ./strace-static-x86_64: Process 4069 attached [pid 4069] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4069] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4068] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4069] <... futex resumed>) = 0 [pid 4068] <... futex resumed>) = 1 [pid 4069] memfd_create("syzkaller", 0 [pid 4068] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4069] <... memfd_create resumed>) = 3 [pid 4069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4069] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4069] close(3) = 0 [pid 4069] mkdir("./file0", 0777) = 0 [pid 4069] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4069] chdir("./file0") = 0 [pid 4069] ioctl(4, LOOP_CLR_FD) = 0 [pid 4069] close(4) = 0 [pid 4069] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4069] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4068] <... futex resumed>) = 0 [pid 4068] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4068] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4069] <... futex resumed>) = 0 [pid 4069] open(".", O_RDONLY) = 4 [pid 4069] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = 0 [pid 4068] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4068] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4069] <... futex resumed>) = 1 [pid 4069] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4069] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = 0 [pid 4068] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4068] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4068] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4069] <... futex resumed>) = 1 [pid 4068] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4069] sync( [pid 4068] <... clone resumed>, parent_tid=[4070], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4070 [pid 4068] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4068] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4070 attached [pid 4070] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4070] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4068] <... futex resumed>) = 0 [pid 4070] <... futex resumed>) = 1 [pid 4070] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4069] <... sync resumed>) = 0 [pid 4069] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4069] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4068] exit_group(0) = ? [pid 4070] <... futex resumed>) = ? [pid 4070] +++ exited with 0 +++ [pid 4069] <... futex resumed>) = ? [pid 4069] +++ exited with 0 +++ [pid 4068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4068, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 [ 66.432920][ T4069] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4071 ./strace-static-x86_64: Process 4071 attached [pid 4071] set_robust_list(0x5555563795e0, 24) = 0 [pid 4071] chdir("./146") = 0 [pid 4071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4071] setpgid(0, 0) = 0 [pid 4071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4071] write(3, "1000", 4) = 4 [pid 4071] close(3) = 0 [pid 4071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4071] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4071] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4071] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4072 attached [pid 4072] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4072] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4071] <... clone resumed>, parent_tid=[4072], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4072 [pid 4071] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4072] memfd_create("syzkaller", 0) = 3 [pid 4072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4072] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4072] close(3) = 0 [pid 4072] mkdir("./file0", 0777) = 0 [pid 4072] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4072] chdir("./file0") = 0 [pid 4072] ioctl(4, LOOP_CLR_FD) = 0 [pid 4072] close(4) = 0 [pid 4072] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4071] <... futex resumed>) = 0 [pid 4072] open(".", O_RDONLY [pid 4071] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] <... open resumed>) = 4 [pid 4072] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] <... futex resumed>) = 1 [pid 4072] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4072] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = 0 [pid 4071] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4071] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4071] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4073], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4073 [pid 4071] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4072] <... futex resumed>) = 1 [pid 4072] sync(./strace-static-x86_64: Process 4073 attached [pid 4073] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4073] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4071] <... futex resumed>) = 0 [pid 4073] <... futex resumed>) = 1 [pid 4073] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4072] <... sync resumed>) = 0 [pid 4072] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4071] exit_group(0) = ? [pid 4073] <... futex resumed>) = ? [pid 4072] +++ exited with 0 +++ [pid 4073] +++ exited with 0 +++ [pid 4071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4071, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 [ 66.527268][ T4072] loop0: detected capacity change from 0 to 64 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4074 ./strace-static-x86_64: Process 4074 attached [pid 4074] set_robust_list(0x5555563795e0, 24) = 0 [pid 4074] chdir("./147") = 0 [pid 4074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4074] setpgid(0, 0) = 0 [pid 4074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4074] write(3, "1000", 4) = 4 [pid 4074] close(3) = 0 [pid 4074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4074] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4074] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4074] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4075 attached [pid 4075] set_robust_list(0x7fa6ebea99e0, 24 [pid 4074] <... clone resumed>, parent_tid=[4075], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4075 [pid 4075] <... set_robust_list resumed>) = 0 [pid 4075] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4074] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4075] <... futex resumed>) = 0 [pid 4074] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4075] memfd_create("syzkaller", 0) = 3 [pid 4075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4075] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4075] close(3) = 0 [pid 4075] mkdir("./file0", 0777) = 0 [pid 4075] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4075] chdir("./file0") = 0 [pid 4075] ioctl(4, LOOP_CLR_FD) = 0 [pid 4075] close(4) = 0 [pid 4075] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] <... futex resumed>) = 0 [pid 4074] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4075] <... futex resumed>) = 1 [pid 4075] open(".", O_RDONLY) = 4 [pid 4075] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] <... futex resumed>) = 0 [pid 4074] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4075] <... futex resumed>) = 1 [pid 4075] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4075] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4074] <... futex resumed>) = 0 [pid 4074] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4074] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4074] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4076], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4076 [pid 4074] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4076 attached [pid 4074] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4076] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4075] <... futex resumed>) = 1 [pid 4075] sync( [pid 4076] <... openat resumed>) = 5 [pid 4076] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4074] <... futex resumed>) = 0 [pid 4076] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4075] <... sync resumed>) = 0 [pid 4075] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4074] exit_group(0) = ? [pid 4076] <... futex resumed>) = ? [pid 4076] +++ exited with 0 +++ [pid 4075] +++ exited with 0 +++ [pid 4074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4074, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 66.615707][ T4075] loop0: detected capacity change from 0 to 64 rmdir("./147/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4077 ./strace-static-x86_64: Process 4077 attached [pid 4077] set_robust_list(0x5555563795e0, 24) = 0 [pid 4077] chdir("./148") = 0 [pid 4077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4077] setpgid(0, 0) = 0 [pid 4077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4077] write(3, "1000", 4) = 4 [pid 4077] close(3) = 0 [pid 4077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4077] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4077] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4077] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4078], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4078 [pid 4077] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4078 attached [pid 4078] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4078] memfd_create("syzkaller", 0) = 3 [pid 4078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4078] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4078] close(3) = 0 [pid 4078] mkdir("./file0", 0777) = 0 [pid 4078] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4078] chdir("./file0") = 0 [pid 4078] ioctl(4, LOOP_CLR_FD) = 0 [pid 4078] close(4) = 0 [pid 4078] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4078] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4077] <... futex resumed>) = 0 [pid 4077] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4077] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4078] <... futex resumed>) = 0 [pid 4078] open(".", O_RDONLY) = 4 [pid 4078] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = 0 [pid 4077] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4078] <... futex resumed>) = 1 [pid 4078] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4078] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = 0 [pid 4077] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4077] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4077] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4079], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4079 [pid 4077] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4077] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4078] <... futex resumed>) = 1 [pid 4078] sync(./strace-static-x86_64: Process 4079 attached [pid 4079] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4079] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4077] <... futex resumed>) = 0 [pid 4078] <... sync resumed>) = 0 [pid 4078] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4078] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4079] <... futex resumed>) = 1 [pid 4077] exit_group(0) = ? [pid 4078] <... futex resumed>) = ? [pid 4078] +++ exited with 0 +++ [pid 4079] +++ exited with 0 +++ [pid 4077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4077, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4080 attached [ 66.701739][ T4078] loop0: detected capacity change from 0 to 64 [pid 4080] set_robust_list(0x5555563795e0, 24) = 0 [pid 4080] chdir("./149") = 0 [pid 4080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4080] setpgid(0, 0) = 0 [pid 4080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4080] write(3, "1000", 4) = 4 [pid 4080] close(3) = 0 [pid 4080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4080] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 4080 [pid 4080] <... futex resumed>) = 0 [pid 4080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4080] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4080] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4081 attached , parent_tid=[4081], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4081 [pid 4081] set_robust_list(0x7fa6ebea99e0, 24 [pid 4080] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4081] <... set_robust_list resumed>) = 0 [pid 4080] <... futex resumed>) = 0 [pid 4080] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4081] memfd_create("syzkaller", 0) = 3 [pid 4081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4081] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4081] close(3) = 0 [pid 4081] mkdir("./file0", 0777) = 0 [pid 4081] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4081] chdir("./file0") = 0 [pid 4081] ioctl(4, LOOP_CLR_FD) = 0 [pid 4081] close(4) = 0 [pid 4081] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = 0 [pid 4081] <... futex resumed>) = 1 [pid 4080] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4081] open(".", O_RDONLY [pid 4080] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4081] <... open resumed>) = 4 [pid 4081] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = 0 [pid 4081] <... futex resumed>) = 1 [pid 4080] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4081] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4080] <... futex resumed>) = 0 [pid 4080] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4081] <... mkdirat resumed>) = 0 [pid 4081] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4080] <... futex resumed>) = 0 [pid 4080] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4081] sync( [pid 4080] <... futex resumed>) = 0 [pid 4080] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4080] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4080] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4082 attached , parent_tid=[4082], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4082 [pid 4082] set_robust_list(0x7fa6ebe889e0, 24 [pid 4080] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4082] <... set_robust_list resumed>) = 0 [pid 4080] <... futex resumed>) = 0 [pid 4082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4080] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4082] <... openat resumed>) = 5 [pid 4082] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4080] <... futex resumed>) = 0 [pid 4082] <... futex resumed>) = 1 [pid 4082] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4081] <... sync resumed>) = 0 [pid 4081] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4081] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4080] exit_group(0 [pid 4082] <... futex resumed>) = ? [pid 4080] <... exit_group resumed>) = ? [pid 4081] <... futex resumed>) = ? [pid 4082] +++ exited with 0 +++ [pid 4081] +++ exited with 0 +++ [pid 4080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4080, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 66.779691][ T4081] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4083 ./strace-static-x86_64: Process 4083 attached [pid 4083] set_robust_list(0x5555563795e0, 24) = 0 [pid 4083] chdir("./150") = 0 [pid 4083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4083] setpgid(0, 0) = 0 [pid 4083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4083] write(3, "1000", 4) = 4 [pid 4083] close(3) = 0 [pid 4083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4083] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4083] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4083] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4084 attached [pid 4084] set_robust_list(0x7fa6ebea99e0, 24 [pid 4083] <... clone resumed>, parent_tid=[4084], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4084 [pid 4084] <... set_robust_list resumed>) = 0 [pid 4083] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4084] memfd_create("syzkaller", 0 [pid 4083] <... futex resumed>) = 0 [pid 4084] <... memfd_create resumed>) = 3 [pid 4083] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4084] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4084] close(3) = 0 [pid 4084] mkdir("./file0", 0777) = 0 [pid 4084] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4084] chdir("./file0") = 0 [pid 4084] ioctl(4, LOOP_CLR_FD) = 0 [pid 4084] close(4) = 0 [pid 4084] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4083] <... futex resumed>) = 0 [pid 4084] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4083] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4083] <... futex resumed>) = 0 [pid 4084] open(".", O_RDONLY [pid 4083] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4084] <... open resumed>) = 4 [pid 4084] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4083] <... futex resumed>) = 0 [pid 4084] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4083] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4083] <... futex resumed>) = 0 [pid 4084] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4083] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4084] <... mkdirat resumed>) = 0 [pid 4084] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4083] <... futex resumed>) = 0 [pid 4084] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4083] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4084] sync( [pid 4083] <... futex resumed>) = 0 [pid 4083] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4083] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4083] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4085 attached , parent_tid=[4085], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4085 [pid 4083] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4083] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4085] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4084] <... sync resumed>) = 0 [pid 4084] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4084] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4085] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4083] <... futex resumed>) = 0 [pid 4085] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4083] exit_group(0 [pid 4085] <... futex resumed>) = ? [pid 4084] <... futex resumed>) = ? [pid 4083] <... exit_group resumed>) = ? [pid 4084] +++ exited with 0 +++ [pid 4085] +++ exited with 0 +++ [pid 4083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4083, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 [ 66.863158][ T4084] loop0: detected capacity change from 0 to 64 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4086 ./strace-static-x86_64: Process 4086 attached [pid 4086] set_robust_list(0x5555563795e0, 24) = 0 [pid 4086] chdir("./151") = 0 [pid 4086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4086] setpgid(0, 0) = 0 [pid 4086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4086] write(3, "1000", 4) = 4 [pid 4086] close(3) = 0 [pid 4086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4086] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4086] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4086] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4087 attached , parent_tid=[4087], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4087 [pid 4086] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4087] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4087] memfd_create("syzkaller", 0) = 3 [pid 4087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4087] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4087] close(3) = 0 [pid 4087] mkdir("./file0", 0777) = 0 [pid 4087] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4087] chdir("./file0") = 0 [pid 4087] ioctl(4, LOOP_CLR_FD) = 0 [pid 4087] close(4) = 0 [pid 4087] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4086] <... futex resumed>) = 0 [pid 4087] open(".", O_RDONLY [pid 4086] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... open resumed>) = 4 [pid 4086] <... futex resumed>) = 0 [pid 4087] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4087] <... futex resumed>) = 0 [pid 4086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4087] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4086] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4087] <... mkdirat resumed>) = 0 [pid 4086] <... futex resumed>) = 0 [pid 4087] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4087] <... futex resumed>) = 0 [pid 4086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4087] sync( [pid 4086] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4086] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4086] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4088], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4088 [pid 4086] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4088 attached [pid 4088] set_robust_list(0x7fa6ebe889e0, 24 [pid 4087] <... sync resumed>) = 0 [pid 4087] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4087] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4088] <... set_robust_list resumed>) = 0 [pid 4088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4088] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4086] <... futex resumed>) = 0 [pid 4086] exit_group(0 [pid 4087] <... futex resumed>) = ? [pid 4086] <... exit_group resumed>) = ? [pid 4087] +++ exited with 0 +++ [pid 4088] <... futex resumed>) = ? [pid 4088] +++ exited with 0 +++ [pid 4086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4086, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 [ 66.961504][ T4087] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4089 ./strace-static-x86_64: Process 4089 attached [pid 4089] set_robust_list(0x5555563795e0, 24) = 0 [pid 4089] chdir("./152") = 0 [pid 4089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4089] setpgid(0, 0) = 0 [pid 4089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4089] write(3, "1000", 4) = 4 [pid 4089] close(3) = 0 [pid 4089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4089] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4089] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4089] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4090 attached , parent_tid=[4090], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4090 [pid 4090] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4090] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4089] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4090] <... futex resumed>) = 0 [pid 4090] memfd_create("syzkaller", 0 [pid 4089] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4090] <... memfd_create resumed>) = 3 [pid 4090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4090] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4090] close(3) = 0 [pid 4090] mkdir("./file0", 0777) = 0 [pid 4090] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4090] chdir("./file0") = 0 [pid 4090] ioctl(4, LOOP_CLR_FD) = 0 [pid 4090] close(4) = 0 [pid 4090] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = 0 [pid 4089] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4089] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4090] <... futex resumed>) = 1 [pid 4090] open(".", O_RDONLY) = 4 [pid 4090] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = 0 [pid 4089] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4089] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4090] <... futex resumed>) = 1 [pid 4090] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4090] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4089] <... futex resumed>) = 0 [pid 4089] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4089] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4089] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4089] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4091], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4091 [pid 4089] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4089] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4090] <... futex resumed>) = 1 [pid 4090] sync() = 0 [pid 4090] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4090] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4091 attached [pid 4091] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4091] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4089] <... futex resumed>) = 0 [pid 4089] exit_group(0 [pid 4090] <... futex resumed>) = ? [pid 4089] <... exit_group resumed>) = ? [pid 4090] +++ exited with 0 +++ [pid 4091] +++ exited with 0 +++ [pid 4089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4089, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 67.051998][ T4090] loop0: detected capacity change from 0 to 64 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4092 ./strace-static-x86_64: Process 4092 attached [pid 4092] set_robust_list(0x5555563795e0, 24) = 0 [pid 4092] chdir("./153") = 0 [pid 4092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4092] setpgid(0, 0) = 0 [pid 4092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4092] write(3, "1000", 4) = 4 [pid 4092] close(3) = 0 [pid 4092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4092] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4092] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4092] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4093 attached , parent_tid=[4093], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4093 [pid 4093] set_robust_list(0x7fa6ebea99e0, 24 [pid 4092] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4093] <... set_robust_list resumed>) = 0 [pid 4092] <... futex resumed>) = 0 [pid 4092] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4093] memfd_create("syzkaller", 0) = 3 [pid 4093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4093] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4093] close(3) = 0 [pid 4093] mkdir("./file0", 0777) = 0 [pid 4093] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4093] chdir("./file0") = 0 [pid 4093] ioctl(4, LOOP_CLR_FD) = 0 [pid 4093] close(4) = 0 [pid 4093] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4093] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4092] <... futex resumed>) = 0 [pid 4092] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4093] <... futex resumed>) = 0 [pid 4092] <... futex resumed>) = 1 [pid 4092] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4093] open(".", O_RDONLY) = 4 [pid 4093] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4092] <... futex resumed>) = 0 [pid 4093] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4092] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4093] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4092] <... futex resumed>) = 0 [pid 4093] <... mkdirat resumed>) = 0 [pid 4092] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4093] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4092] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4093] <... futex resumed>) = 0 [pid 4092] <... futex resumed>) = 0 [pid 4093] sync( [pid 4092] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4092] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4092] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4094 attached [pid 4094] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4092] <... clone resumed>, parent_tid=[4094], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4094 [pid 4094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4092] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4092] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4094] <... openat resumed>) = 5 [pid 4094] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4092] <... futex resumed>) = 0 [pid 4094] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4093] <... sync resumed>) = 0 [pid 4093] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4093] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4092] exit_group(0) = ? [pid 4093] <... futex resumed>) = ? [pid 4094] <... futex resumed>) = ? [pid 4094] +++ exited with 0 +++ [pid 4093] +++ exited with 0 +++ [pid 4092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4092, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 [ 67.138665][ T4093] loop0: detected capacity change from 0 to 64 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4095 ./strace-static-x86_64: Process 4095 attached [pid 4095] set_robust_list(0x5555563795e0, 24) = 0 [pid 4095] chdir("./154") = 0 [pid 4095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4095] setpgid(0, 0) = 0 [pid 4095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4095] write(3, "1000", 4) = 4 [pid 4095] close(3) = 0 [pid 4095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4095] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4095] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4095] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4096 attached [pid 4096] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4096] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4095] <... clone resumed>, parent_tid=[4096], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4096 [pid 4095] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4096] <... futex resumed>) = 0 [pid 4095] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4096] memfd_create("syzkaller", 0) = 3 [pid 4096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4096] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4096] close(3) = 0 [pid 4096] mkdir("./file0", 0777) = 0 [pid 4096] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4096] chdir("./file0") = 0 [pid 4096] ioctl(4, LOOP_CLR_FD) = 0 [pid 4096] close(4) = 0 [pid 4096] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4095] <... futex resumed>) = 0 [pid 4095] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4095] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4096] open(".", O_RDONLY) = 4 [pid 4096] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4095] <... futex resumed>) = 0 [pid 4095] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4095] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4096] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4096] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4095] <... futex resumed>) = 0 [pid 4095] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4095] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4095] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4095] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4097], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4097 [pid 4095] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4095] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4096] sync(./strace-static-x86_64: Process 4097 attached [pid 4097] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4097] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4095] <... futex resumed>) = 0 [pid 4097] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4096] <... sync resumed>) = 0 [pid 4096] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4095] exit_group(0) = ? [pid 4097] <... futex resumed>) = ? [pid 4097] +++ exited with 0 +++ [pid 4096] <... futex resumed>) = ? [pid 4096] +++ exited with 0 +++ [pid 4095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4095, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4098 [ 67.243678][ T4096] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 4098 attached [pid 4098] set_robust_list(0x5555563795e0, 24) = 0 [pid 4098] chdir("./155") = 0 [pid 4098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4098] setpgid(0, 0) = 0 [pid 4098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4098] write(3, "1000", 4) = 4 [pid 4098] close(3) = 0 [pid 4098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4098] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4098] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4098] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4099], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4099 [pid 4098] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4099 attached [pid 4099] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4099] memfd_create("syzkaller", 0 [pid 4098] <... futex resumed>) = 0 [pid 4098] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4099] <... memfd_create resumed>) = 3 [pid 4099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4099] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4099] close(3) = 0 [pid 4099] mkdir("./file0", 0777) = 0 [pid 4099] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4099] chdir("./file0") = 0 [pid 4099] ioctl(4, LOOP_CLR_FD) = 0 [pid 4099] close(4) = 0 [pid 4099] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4098] <... futex resumed>) = 0 [pid 4098] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4098] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4099] <... futex resumed>) = 1 [pid 4099] open(".", O_RDONLY) = 4 [pid 4099] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4098] <... futex resumed>) = 0 [pid 4098] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4098] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4099] <... futex resumed>) = 1 [pid 4099] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4099] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4098] <... futex resumed>) = 0 [pid 4098] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4098] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4098] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4098] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4100], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4100 [pid 4098] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4098] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4099] <... futex resumed>) = 1 [pid 4099] sync(./strace-static-x86_64: Process 4100 attached [pid 4100] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4100] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4098] <... futex resumed>) = 0 [pid 4100] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4099] <... sync resumed>) = 0 [pid 4099] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4099] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4098] exit_group(0 [pid 4099] <... futex resumed>) = ? [pid 4098] <... exit_group resumed>) = ? [pid 4099] +++ exited with 0 +++ [pid 4100] <... futex resumed>) = ? [pid 4100] +++ exited with 0 +++ [pid 4098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4098, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 67.329457][ T4099] loop0: detected capacity change from 0 to 64 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4101 ./strace-static-x86_64: Process 4101 attached [pid 4101] set_robust_list(0x5555563795e0, 24) = 0 [pid 4101] chdir("./156") = 0 [pid 4101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4101] setpgid(0, 0) = 0 [pid 4101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4101] write(3, "1000", 4) = 4 [pid 4101] close(3) = 0 [pid 4101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4101] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4101] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4101] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4102 attached [pid 4102] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4102] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4101] <... clone resumed>, parent_tid=[4102], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4102 [pid 4101] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4102] <... futex resumed>) = 0 [pid 4102] memfd_create("syzkaller", 0 [pid 4101] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4102] <... memfd_create resumed>) = 3 [pid 4102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4102] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4102] close(3) = 0 [pid 4102] mkdir("./file0", 0777) = 0 [pid 4102] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4102] chdir("./file0") = 0 [pid 4102] ioctl(4, LOOP_CLR_FD) = 0 [pid 4102] close(4) = 0 [pid 4102] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4101] <... futex resumed>) = 0 [pid 4101] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4102] open(".", O_RDONLY) = 4 [pid 4102] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4101] <... futex resumed>) = 0 [pid 4101] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4102] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4102] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4101] <... futex resumed>) = 0 [pid 4101] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4101] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4102] sync( [pid 4101] <... mprotect resumed>) = 0 [pid 4101] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4103], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4103 [pid 4101] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4103 attached [pid 4103] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4103] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4101] <... futex resumed>) = 0 [pid 4103] <... futex resumed>) = 1 [pid 4103] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4102] <... sync resumed>) = 0 [pid 4102] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4101] exit_group(0) = ? [pid 4103] <... futex resumed>) = ? [pid 4103] +++ exited with 0 +++ [pid 4102] +++ exited with 0 +++ [pid 4101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4101, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 67.435089][ T4102] loop0: detected capacity change from 0 to 64 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4104 ./strace-static-x86_64: Process 4104 attached [pid 4104] set_robust_list(0x5555563795e0, 24) = 0 [pid 4104] chdir("./157") = 0 [pid 4104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4104] setpgid(0, 0) = 0 [pid 4104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4104] write(3, "1000", 4) = 4 [pid 4104] close(3) = 0 [pid 4104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4104] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4104] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4104] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4105], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4105 ./strace-static-x86_64: Process 4105 attached [pid 4104] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4105] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4105] memfd_create("syzkaller", 0) = 3 [pid 4105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4105] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4105] close(3) = 0 [pid 4105] mkdir("./file0", 0777) = 0 [pid 4105] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4105] chdir("./file0") = 0 [pid 4105] ioctl(4, LOOP_CLR_FD) = 0 [pid 4105] close(4) = 0 [pid 4105] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4104] <... futex resumed>) = 0 [pid 4104] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4105] <... futex resumed>) = 1 [pid 4105] open(".", O_RDONLY) = 4 [pid 4105] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4104] <... futex resumed>) = 0 [pid 4104] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4105] <... futex resumed>) = 1 [pid 4105] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4105] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4104] <... futex resumed>) = 0 [pid 4104] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4104] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4104] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4106], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4106 [pid 4104] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4104] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4105] <... futex resumed>) = 1 [pid 4105] sync(./strace-static-x86_64: Process 4106 attached [pid 4106] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4105] <... sync resumed>) = 0 [pid 4105] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4105] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4106] <... openat resumed>) = 5 [pid 4106] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4104] <... futex resumed>) = 0 [pid 4104] exit_group(0) = ? [pid 4105] <... futex resumed>) = ? [pid 4105] +++ exited with 0 +++ [pid 4106] +++ exited with 0 +++ [pid 4104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4104, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 [ 67.527732][ T4105] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4107 ./strace-static-x86_64: Process 4107 attached [pid 4107] set_robust_list(0x5555563795e0, 24) = 0 [pid 4107] chdir("./158") = 0 [pid 4107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4107] setpgid(0, 0) = 0 [pid 4107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4107] write(3, "1000", 4) = 4 [pid 4107] close(3) = 0 [pid 4107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4107] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4107] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4107] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4108], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4108 ./strace-static-x86_64: Process 4108 attached [pid 4108] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4108] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] <... futex resumed>) = 0 [pid 4107] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4108] memfd_create("syzkaller", 0) = 3 [pid 4108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4108] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4108] close(3) = 0 [pid 4108] mkdir("./file0", 0777) = 0 [pid 4108] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4108] chdir("./file0") = 0 [pid 4108] ioctl(4, LOOP_CLR_FD) = 0 [pid 4108] close(4) = 0 [pid 4108] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... futex resumed>) = 1 [pid 4108] open(".", O_RDONLY) = 4 [pid 4108] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... futex resumed>) = 1 [pid 4108] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4108] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4107] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4107] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4109], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4109 [pid 4107] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... futex resumed>) = 1 [pid 4108] sync(./strace-static-x86_64: Process 4109 attached [pid 4109] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4109] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4107] <... futex resumed>) = 0 [pid 4109] <... futex resumed>) = 1 [pid 4109] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4108] <... sync resumed>) = 0 [pid 4108] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] exit_group(0) = ? [pid 4109] <... futex resumed>) = ? [pid 4108] +++ exited with 0 +++ [pid 4109] +++ exited with 0 +++ [pid 4107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4107, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4110 ./strace-static-x86_64: Process 4110 attached [pid 4110] set_robust_list(0x5555563795e0, 24) = 0 [pid 4110] chdir("./159") = 0 [pid 4110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4110] setpgid(0, 0) = 0 [pid 4110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4110] write(3, "1000", 4) = 4 [pid 4110] close(3) = 0 [ 67.615682][ T4108] loop0: detected capacity change from 0 to 64 [pid 4110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4110] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4110] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4110] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4111], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4111 [pid 4110] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4110] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4111 attached [pid 4111] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4111] memfd_create("syzkaller", 0) = 3 [pid 4111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4111] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4111] close(3) = 0 [pid 4111] mkdir("./file0", 0777) = 0 [pid 4111] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4111] chdir("./file0") = 0 [pid 4111] ioctl(4, LOOP_CLR_FD) = 0 [pid 4111] close(4) = 0 [pid 4111] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4110] <... futex resumed>) = 0 [pid 4111] open(".", O_RDONLY [pid 4110] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4111] <... open resumed>) = 4 [pid 4110] <... futex resumed>) = 0 [pid 4111] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4110] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4111] <... futex resumed>) = 0 [pid 4110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4110] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4110] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4111] <... mkdirat resumed>) = 0 [pid 4111] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4110] <... futex resumed>) = 0 [pid 4110] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4110] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4111] sync( [pid 4110] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4110] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4110] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4112 attached , parent_tid=[4112], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4112 [pid 4110] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4112] set_robust_list(0x7fa6ebe889e0, 24 [pid 4110] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4112] <... set_robust_list resumed>) = 0 [pid 4111] <... sync resumed>) = 0 [pid 4112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4111] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4111] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4112] <... openat resumed>) = 5 [pid 4112] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4110] <... futex resumed>) = 0 [pid 4110] exit_group(0) = ? [pid 4111] <... futex resumed>) = ? [pid 4111] +++ exited with 0 +++ [pid 4112] +++ exited with 0 +++ [pid 4110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4110, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 [ 67.688900][ T4111] loop0: detected capacity change from 0 to 64 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4113 ./strace-static-x86_64: Process 4113 attached [pid 4113] set_robust_list(0x5555563795e0, 24) = 0 [pid 4113] chdir("./160") = 0 [pid 4113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4113] setpgid(0, 0) = 0 [pid 4113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4113] write(3, "1000", 4) = 4 [pid 4113] close(3) = 0 [pid 4113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4113] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4113] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4113] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4114], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4114 [pid 4113] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4114 attached [pid 4114] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4114] memfd_create("syzkaller", 0) = 3 [pid 4114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4114] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4114] close(3) = 0 [pid 4114] mkdir("./file0", 0777) = 0 [pid 4114] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4114] chdir("./file0") = 0 [pid 4114] ioctl(4, LOOP_CLR_FD) = 0 [pid 4114] close(4) = 0 [pid 4114] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4113] <... futex resumed>) = 0 [pid 4113] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4114] <... futex resumed>) = 1 [pid 4114] open(".", O_RDONLY) = 4 [pid 4114] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4113] <... futex resumed>) = 0 [pid 4113] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4114] <... futex resumed>) = 1 [pid 4114] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4114] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4113] <... futex resumed>) = 0 [pid 4113] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4113] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4113] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4115], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4115 [pid 4113] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4113] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4114] <... futex resumed>) = 1 [pid 4114] sync(./strace-static-x86_64: Process 4115 attached [pid 4115] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4114] <... sync resumed>) = 0 [pid 4114] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4114] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4115] <... openat resumed>) = 5 [pid 4115] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4113] <... futex resumed>) = 0 [pid 4113] exit_group(0) = ? [pid 4115] +++ exited with 0 +++ [pid 4114] <... futex resumed>) = ? [pid 4114] +++ exited with 0 +++ [pid 4113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4113, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4116 ./strace-static-x86_64: Process 4116 attached [pid 4116] set_robust_list(0x5555563795e0, 24) = 0 [pid 4116] chdir("./161") = 0 [ 67.764268][ T4114] loop0: detected capacity change from 0 to 64 [pid 4116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4116] setpgid(0, 0) = 0 [pid 4116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4116] write(3, "1000", 4) = 4 [pid 4116] close(3) = 0 [pid 4116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4116] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4116] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4116] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4117 attached , parent_tid=[4117], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4117 [pid 4117] set_robust_list(0x7fa6ebea99e0, 24 [pid 4116] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] <... set_robust_list resumed>) = 0 [pid 4116] <... futex resumed>) = 0 [pid 4116] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4117] memfd_create("syzkaller", 0) = 3 [pid 4117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4117] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4117] close(3) = 0 [pid 4117] mkdir("./file0", 0777) = 0 [pid 4117] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4117] chdir("./file0") = 0 [pid 4117] ioctl(4, LOOP_CLR_FD) = 0 [pid 4117] close(4) = 0 [pid 4117] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4116] <... futex resumed>) = 0 [pid 4117] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4116] <... futex resumed>) = 0 [pid 4117] open(".", O_RDONLY [pid 4116] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4117] <... open resumed>) = 4 [pid 4117] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4116] <... futex resumed>) = 0 [pid 4117] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4116] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4116] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4117] <... mkdirat resumed>) = 0 [pid 4117] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4117] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] <... futex resumed>) = 0 [pid 4117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4116] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] sync( [pid 4116] <... futex resumed>) = 0 [pid 4116] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4116] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4116] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4118 attached [pid 4118] set_robust_list(0x7fa6ebe889e0, 24 [pid 4116] <... clone resumed>, parent_tid=[4118], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4118 [pid 4118] <... set_robust_list resumed>) = 0 [pid 4117] <... sync resumed>) = 0 [pid 4116] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4117] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4116] <... futex resumed>) = 0 [pid 4117] <... futex resumed>) = 0 [pid 4118] <... openat resumed>) = 5 [pid 4116] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4118] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4117] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4118] <... futex resumed>) = 0 [pid 4116] exit_group(0 [pid 4117] <... futex resumed>) = ? [pid 4116] <... exit_group resumed>) = ? [pid 4118] +++ exited with 0 +++ [pid 4117] +++ exited with 0 +++ [pid 4116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4116, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 67.840970][ T4117] loop0: detected capacity change from 0 to 64 rmdir("./161/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4119 ./strace-static-x86_64: Process 4119 attached [pid 4119] set_robust_list(0x5555563795e0, 24) = 0 [pid 4119] chdir("./162") = 0 [pid 4119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4119] setpgid(0, 0) = 0 [pid 4119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4119] write(3, "1000", 4) = 4 [pid 4119] close(3) = 0 [pid 4119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4119] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4119] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4119] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4120 attached [pid 4120] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4120] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4119] <... clone resumed>, parent_tid=[4120], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4120 [pid 4119] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4120] <... futex resumed>) = 0 [pid 4119] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4120] memfd_create("syzkaller", 0) = 3 [pid 4120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4120] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4120] close(3) = 0 [pid 4120] mkdir("./file0", 0777) = 0 [pid 4120] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4120] chdir("./file0") = 0 [pid 4120] ioctl(4, LOOP_CLR_FD) = 0 [pid 4120] close(4) = 0 [pid 4120] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4119] <... futex resumed>) = 0 [pid 4120] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4119] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4120] open(".", O_RDONLY [pid 4119] <... futex resumed>) = 0 [pid 4120] <... open resumed>) = 4 [pid 4120] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4119] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4120] <... futex resumed>) = 0 [pid 4120] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4119] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4120] <... futex resumed>) = 0 [pid 4119] <... futex resumed>) = 1 [pid 4120] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4119] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4120] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4120] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4119] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4120] sync( [pid 4119] <... futex resumed>) = 0 [pid 4119] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4119] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4120] <... sync resumed>) = 0 [pid 4120] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4119] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4120] <... futex resumed>) = 0 ./strace-static-x86_64: Process 4121 attached [pid 4120] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4121] set_robust_list(0x7fa6ebe889e0, 24 [pid 4119] <... clone resumed>, parent_tid=[4121], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4121 [pid 4121] <... set_robust_list resumed>) = 0 [pid 4119] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4119] <... futex resumed>) = 0 [pid 4119] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4121] <... openat resumed>) = 5 [pid 4121] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4119] <... futex resumed>) = 0 [pid 4121] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4119] exit_group(0 [pid 4121] <... futex resumed>) = ? [pid 4120] <... futex resumed>) = ? [pid 4119] <... exit_group resumed>) = ? [pid 4121] +++ exited with 0 +++ [pid 4120] +++ exited with 0 +++ [pid 4119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4119, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 67.930317][ T4120] loop0: detected capacity change from 0 to 64 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4122 attached , child_tidptr=0x5555563795d0) = 4122 [pid 4122] set_robust_list(0x5555563795e0, 24) = 0 [pid 4122] chdir("./163") = 0 [pid 4122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4122] setpgid(0, 0) = 0 [pid 4122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4122] write(3, "1000", 4) = 4 [pid 4122] close(3) = 0 [pid 4122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4122] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4122] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4122] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4123], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4123 [pid 4122] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4123 attached [pid 4123] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4123] memfd_create("syzkaller", 0) = 3 [pid 4123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4123] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4123] close(3) = 0 [pid 4123] mkdir("./file0", 0777) = 0 [pid 4123] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4123] chdir("./file0") = 0 [pid 4123] ioctl(4, LOOP_CLR_FD) = 0 [pid 4123] close(4) = 0 [pid 4123] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4122] <... futex resumed>) = 0 [pid 4122] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4123] <... futex resumed>) = 1 [pid 4123] open(".", O_RDONLY) = 4 [pid 4123] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4122] <... futex resumed>) = 0 [pid 4122] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4123] <... futex resumed>) = 1 [pid 4123] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4123] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4122] <... futex resumed>) = 0 [pid 4122] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4122] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4122] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4124], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4124 [pid 4122] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4122] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4123] <... futex resumed>) = 1 [pid 4123] sync() = 0 [pid 4123] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4123] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4124 attached [pid 4124] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4124] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4122] <... futex resumed>) = 0 [pid 4122] exit_group(0) = ? [pid 4123] <... futex resumed>) = ? [pid 4123] +++ exited with 0 +++ [pid 4124] <... futex resumed>) = ? [pid 4124] +++ exited with 0 +++ [pid 4122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4122, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4125 ./strace-static-x86_64: Process 4125 attached [pid 4125] set_robust_list(0x5555563795e0, 24) = 0 [pid 4125] chdir("./164") = 0 [pid 4125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4125] setpgid(0, 0) = 0 [ 68.032716][ T4123] loop0: detected capacity change from 0 to 64 [pid 4125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4125] write(3, "1000", 4) = 4 [pid 4125] close(3) = 0 [pid 4125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4125] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4125] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4125] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4126], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4126 [pid 4125] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4125] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4126 attached [pid 4126] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4126] memfd_create("syzkaller", 0) = 3 [pid 4126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4126] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4126] close(3) = 0 [pid 4126] mkdir("./file0", 0777) = 0 [pid 4126] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4126] chdir("./file0") = 0 [pid 4126] ioctl(4, LOOP_CLR_FD) = 0 [pid 4126] close(4) = 0 [pid 4126] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4125] <... futex resumed>) = 0 [pid 4126] open(".", O_RDONLY [pid 4125] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4126] <... open resumed>) = 4 [pid 4125] <... futex resumed>) = 0 [pid 4125] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4126] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4125] <... futex resumed>) = 0 [pid 4126] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4125] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4126] <... mkdirat resumed>) = 0 [pid 4125] <... futex resumed>) = 0 [pid 4126] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4125] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4125] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4125] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4126] <... futex resumed>) = 0 [pid 4125] <... futex resumed>) = 0 [pid 4126] sync( [pid 4125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4125] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4125] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4127 attached , parent_tid=[4127], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4127 [pid 4127] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4125] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4125] <... futex resumed>) = 0 [pid 4125] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4127] <... openat resumed>) = 5 [pid 4126] <... sync resumed>) = 0 [pid 4126] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4126] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4127] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4125] <... futex resumed>) = 0 [pid 4127] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4125] exit_group(0 [pid 4126] <... futex resumed>) = ? [pid 4125] <... exit_group resumed>) = ? [pid 4126] +++ exited with 0 +++ [pid 4127] <... futex resumed>) = ? [pid 4127] +++ exited with 0 +++ [pid 4125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4125, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4128 ./strace-static-x86_64: Process 4128 attached [pid 4128] set_robust_list(0x5555563795e0, 24) = 0 [pid 4128] chdir("./165") = 0 [pid 4128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 68.110959][ T4126] loop0: detected capacity change from 0 to 64 [pid 4128] setpgid(0, 0) = 0 [pid 4128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4128] write(3, "1000", 4) = 4 [pid 4128] close(3) = 0 [pid 4128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4128] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4128] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4128] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4129], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4129 [pid 4128] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4129 attached [pid 4129] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4129] memfd_create("syzkaller", 0) = 3 [pid 4129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4129] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4129] close(3) = 0 [pid 4129] mkdir("./file0", 0777) = 0 [pid 4129] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4129] chdir("./file0") = 0 [pid 4129] ioctl(4, LOOP_CLR_FD) = 0 [pid 4129] close(4) = 0 [pid 4129] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4128] <... futex resumed>) = 0 [pid 4128] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4129] <... futex resumed>) = 1 [pid 4129] open(".", O_RDONLY) = 4 [pid 4129] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4128] <... futex resumed>) = 0 [pid 4128] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4129] <... futex resumed>) = 1 [pid 4129] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4129] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4128] <... futex resumed>) = 0 [pid 4128] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4128] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4128] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4130], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4130 [pid 4128] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4128] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4129] <... futex resumed>) = 1 [pid 4129] sync(./strace-static-x86_64: Process 4130 attached [pid 4130] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4130] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4128] <... futex resumed>) = 0 [pid 4130] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4129] <... sync resumed>) = 0 [pid 4129] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4128] exit_group(0 [pid 4130] <... futex resumed>) = ? [pid 4128] <... exit_group resumed>) = ? [pid 4130] +++ exited with 0 +++ [pid 4129] <... futex resumed>) = ? [pid 4129] +++ exited with 0 +++ [pid 4128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4128, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 68.183016][ T4129] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4131 ./strace-static-x86_64: Process 4131 attached [pid 4131] set_robust_list(0x5555563795e0, 24) = 0 [pid 4131] chdir("./166") = 0 [pid 4131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4131] setpgid(0, 0) = 0 [pid 4131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4131] write(3, "1000", 4) = 4 [pid 4131] close(3) = 0 [pid 4131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4131] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4131] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4131] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4132 attached , parent_tid=[4132], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4132 [pid 4132] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4132] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4131] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4132] <... futex resumed>) = 0 [pid 4132] memfd_create("syzkaller", 0 [pid 4131] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4132] <... memfd_create resumed>) = 3 [pid 4132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4132] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4132] close(3) = 0 [pid 4132] mkdir("./file0", 0777) = 0 [pid 4132] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4132] chdir("./file0") = 0 [pid 4132] ioctl(4, LOOP_CLR_FD) = 0 [pid 4132] close(4) = 0 [pid 4132] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4131] <... futex resumed>) = 0 [pid 4131] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4132] open(".", O_RDONLY) = 4 [pid 4132] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4131] <... futex resumed>) = 0 [pid 4131] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4132] <... futex resumed>) = 1 [pid 4132] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4132] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4131] <... futex resumed>) = 0 [pid 4131] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4131] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4131] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4133], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4133 [pid 4131] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4131] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4132] <... futex resumed>) = 1 [pid 4132] sync(./strace-static-x86_64: Process 4133 attached [pid 4133] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4133] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4133] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4131] <... futex resumed>) = 0 [pid 4132] <... sync resumed>) = 0 [pid 4132] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4132] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4131] exit_group(0) = ? [pid 4133] <... futex resumed>) = ? [pid 4132] <... futex resumed>) = ? [pid 4132] +++ exited with 0 +++ [pid 4133] +++ exited with 0 +++ [pid 4131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4131, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 68.292626][ T4132] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4134 ./strace-static-x86_64: Process 4134 attached [pid 4134] set_robust_list(0x5555563795e0, 24) = 0 [pid 4134] chdir("./167") = 0 [pid 4134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4134] setpgid(0, 0) = 0 [pid 4134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4134] write(3, "1000", 4) = 4 [pid 4134] close(3) = 0 [pid 4134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4134] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4134] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4134] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4135 attached , parent_tid=[4135], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4135 [pid 4134] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4134] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4135] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4135] memfd_create("syzkaller", 0) = 3 [pid 4135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4135] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4135] close(3) = 0 [pid 4135] mkdir("./file0", 0777) = 0 [pid 4135] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4135] chdir("./file0") = 0 [pid 4135] ioctl(4, LOOP_CLR_FD) = 0 [pid 4135] close(4) = 0 [pid 4135] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4134] <... futex resumed>) = 0 [pid 4134] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4134] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4135] open(".", O_RDONLY) = 4 [pid 4135] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4134] <... futex resumed>) = 0 [pid 4135] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4134] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4134] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4135] <... mkdirat resumed>) = 0 [pid 4135] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4134] <... futex resumed>) = 0 [pid 4134] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4135] sync( [pid 4134] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4134] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4134] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4136], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4136 [pid 4134] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4134] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4135] <... sync resumed>) = 0 [pid 4135] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4135] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4136 attached [pid 4136] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4136] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4134] <... futex resumed>) = 0 [pid 4136] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4134] exit_group(0 [pid 4136] <... futex resumed>) = ? [pid 4134] <... exit_group resumed>) = ? [pid 4135] <... futex resumed>) = ? [pid 4135] +++ exited with 0 +++ [pid 4136] +++ exited with 0 +++ [pid 4134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4134, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.393964][ T4135] loop0: detected capacity change from 0 to 64 lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4137 ./strace-static-x86_64: Process 4137 attached [pid 4137] set_robust_list(0x5555563795e0, 24) = 0 [pid 4137] chdir("./168") = 0 [pid 4137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4137] setpgid(0, 0) = 0 [pid 4137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4137] write(3, "1000", 4) = 4 [pid 4137] close(3) = 0 [pid 4137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4137] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4137] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4137] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4138 attached , parent_tid=[4138], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4138 [pid 4137] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4138] set_robust_list(0x7fa6ebea99e0, 24 [pid 4137] <... futex resumed>) = 0 [pid 4138] <... set_robust_list resumed>) = 0 [pid 4137] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4138] memfd_create("syzkaller", 0) = 3 [pid 4138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4138] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4138] close(3) = 0 [pid 4138] mkdir("./file0", 0777) = 0 [pid 4138] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4138] chdir("./file0") = 0 [pid 4138] ioctl(4, LOOP_CLR_FD) = 0 [pid 4138] close(4) = 0 [pid 4138] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4137] <... futex resumed>) = 0 [pid 4137] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4137] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4138] <... futex resumed>) = 1 [pid 4138] open(".", O_RDONLY) = 4 [pid 4138] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4137] <... futex resumed>) = 0 [pid 4137] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4137] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4138] <... futex resumed>) = 1 [pid 4138] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4138] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4137] <... futex resumed>) = 0 [pid 4137] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4137] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4137] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4137] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4139], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4139 [pid 4137] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4137] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4138] <... futex resumed>) = 1 [pid 4138] sync(./strace-static-x86_64: Process 4139 attached [pid 4139] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4139] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4137] <... futex resumed>) = 0 [pid 4138] <... sync resumed>) = 0 [pid 4139] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4138] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4138] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4137] exit_group(0) = ? [pid 4139] <... futex resumed>) = ? [pid 4138] <... futex resumed>) = ? [pid 4138] +++ exited with 0 +++ [pid 4139] +++ exited with 0 +++ [pid 4137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.496958][ T4138] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4140 ./strace-static-x86_64: Process 4140 attached [pid 4140] set_robust_list(0x5555563795e0, 24) = 0 [pid 4140] chdir("./169") = 0 [pid 4140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4140] setpgid(0, 0) = 0 [pid 4140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4140] write(3, "1000", 4) = 4 [pid 4140] close(3) = 0 [pid 4140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4140] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4140] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4140] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4141 attached , parent_tid=[4141], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4141 [pid 4141] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4141] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4140] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4141] <... futex resumed>) = 0 [pid 4140] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4141] memfd_create("syzkaller", 0) = 3 [pid 4141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4141] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4141] close(3) = 0 [pid 4141] mkdir("./file0", 0777) = 0 [pid 4141] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4141] chdir("./file0") = 0 [pid 4141] ioctl(4, LOOP_CLR_FD) = 0 [pid 4141] close(4) = 0 [pid 4141] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4140] <... futex resumed>) = 0 [pid 4140] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4140] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4141] <... futex resumed>) = 1 [pid 4141] open(".", O_RDONLY) = 4 [pid 4141] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4140] <... futex resumed>) = 0 [pid 4140] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4140] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4141] <... futex resumed>) = 1 [pid 4141] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4141] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4140] <... futex resumed>) = 0 [pid 4140] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4140] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4140] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4140] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4142 attached [pid 4142] set_robust_list(0x7fa6ebe889e0, 24 [pid 4140] <... clone resumed>, parent_tid=[4142], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4142 [pid 4142] <... set_robust_list resumed>) = 0 [pid 4140] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4140] <... futex resumed>) = 0 [pid 4140] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4141] <... futex resumed>) = 1 [pid 4142] <... openat resumed>) = 5 [pid 4142] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4140] <... futex resumed>) = 0 [pid 4142] <... futex resumed>) = 1 [pid 4142] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4141] sync() = 0 [pid 4141] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4140] exit_group(0) = ? [pid 4142] <... futex resumed>) = ? [pid 4142] +++ exited with 0 +++ [pid 4141] +++ exited with 0 +++ [pid 4140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4140, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 68.593829][ T4141] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4143 attached , child_tidptr=0x5555563795d0) = 4143 [pid 4143] set_robust_list(0x5555563795e0, 24) = 0 [pid 4143] chdir("./170") = 0 [pid 4143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4143] setpgid(0, 0) = 0 [pid 4143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4143] write(3, "1000", 4) = 4 [pid 4143] close(3) = 0 [pid 4143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4143] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4143] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4143] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4144 attached , parent_tid=[4144], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4144 [pid 4144] set_robust_list(0x7fa6ebea99e0, 24 [pid 4143] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4143] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4144] <... set_robust_list resumed>) = 0 [pid 4144] memfd_create("syzkaller", 0) = 3 [pid 4144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4144] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4144] close(3) = 0 [pid 4144] mkdir("./file0", 0777) = 0 [pid 4144] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4144] chdir("./file0") = 0 [pid 4144] ioctl(4, LOOP_CLR_FD) = 0 [pid 4144] close(4) = 0 [pid 4144] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4143] <... futex resumed>) = 0 [pid 4144] open(".", O_RDONLY [pid 4143] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4144] <... open resumed>) = 4 [pid 4143] <... futex resumed>) = 0 [pid 4144] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4143] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4144] <... futex resumed>) = 0 [pid 4143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4144] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4143] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4143] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4144] <... mkdirat resumed>) = 0 [pid 4144] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4143] <... futex resumed>) = 0 [pid 4143] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4143] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4143] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4144] sync( [pid 4143] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4145 attached , parent_tid=[4145], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4145 [pid 4145] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4145] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4143] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4145] <... futex resumed>) = 0 [pid 4143] <... futex resumed>) = 1 [pid 4145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4143] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4145] <... openat resumed>) = 5 [pid 4145] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4145] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4143] <... futex resumed>) = 0 [pid 4144] <... sync resumed>) = 0 [pid 4144] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4143] exit_group(0) = ? [pid 4145] <... futex resumed>) = ? [pid 4145] +++ exited with 0 +++ [pid 4144] <... futex resumed>) = ? [pid 4144] +++ exited with 0 +++ [pid 4143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4143, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 [ 68.675745][ T4144] loop0: detected capacity change from 0 to 64 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4146 ./strace-static-x86_64: Process 4146 attached [pid 4146] set_robust_list(0x5555563795e0, 24) = 0 [pid 4146] chdir("./171") = 0 [pid 4146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4146] setpgid(0, 0) = 0 [pid 4146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4146] write(3, "1000", 4) = 4 [pid 4146] close(3) = 0 [pid 4146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4146] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4146] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4146] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4147], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4147 ./strace-static-x86_64: Process 4147 attached [pid 4147] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4147] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4146] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4146] <... futex resumed>) = 0 [pid 4146] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4147] memfd_create("syzkaller", 0) = 3 [pid 4147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4147] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4147] close(3) = 0 [pid 4147] mkdir("./file0", 0777) = 0 [pid 4147] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4147] chdir("./file0") = 0 [pid 4147] ioctl(4, LOOP_CLR_FD) = 0 [pid 4147] close(4) = 0 [pid 4147] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4146] <... futex resumed>) = 0 [pid 4147] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4146] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] open(".", O_RDONLY [pid 4146] <... futex resumed>) = 0 [pid 4147] <... open resumed>) = 4 [pid 4146] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4147] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4147] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4146] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4147] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4146] <... futex resumed>) = 0 [pid 4146] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4147] <... mkdirat resumed>) = 0 [pid 4147] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4146] <... futex resumed>) = 0 [pid 4147] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4146] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4147] sync( [pid 4146] <... futex resumed>) = 0 [pid 4146] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4146] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4146] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4148], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4148 [pid 4146] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4146] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4148 attached [pid 4148] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4148] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4146] <... futex resumed>) = 0 [pid 4148] <... futex resumed>) = 1 [pid 4148] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4147] <... sync resumed>) = 0 [pid 4147] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4147] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4146] exit_group(0) = ? [pid 4147] <... futex resumed>) = ? [pid 4147] +++ exited with 0 +++ [pid 4148] <... futex resumed>) = ? [pid 4148] +++ exited with 0 +++ [pid 4146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4146, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.778836][ T4147] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4149 ./strace-static-x86_64: Process 4149 attached [pid 4149] set_robust_list(0x5555563795e0, 24) = 0 [pid 4149] chdir("./172") = 0 [pid 4149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4149] setpgid(0, 0) = 0 [pid 4149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4149] write(3, "1000", 4) = 4 [pid 4149] close(3) = 0 [pid 4149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4149] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4149] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4149] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4150 attached , parent_tid=[4150], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4150 [pid 4150] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4150] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4149] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4150] <... futex resumed>) = 0 [pid 4149] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4150] memfd_create("syzkaller", 0) = 3 [pid 4150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4150] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4150] close(3) = 0 [pid 4150] mkdir("./file0", 0777) = 0 [pid 4150] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4150] chdir("./file0") = 0 [pid 4150] ioctl(4, LOOP_CLR_FD) = 0 [pid 4150] close(4) = 0 [pid 4150] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4149] <... futex resumed>) = 0 [pid 4150] open(".", O_RDONLY [pid 4149] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4150] <... open resumed>) = 4 [pid 4149] <... futex resumed>) = 0 [pid 4150] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4149] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4150] <... futex resumed>) = 0 [pid 4149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4150] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4149] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4150] <... mkdirat resumed>) = 0 [pid 4149] <... futex resumed>) = 0 [pid 4150] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4149] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4150] <... futex resumed>) = 0 [pid 4149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4150] sync( [pid 4149] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4149] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4149] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4149] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4151], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4151 [pid 4149] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4151 attached [pid 4151] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4149] <... futex resumed>) = 0 [pid 4149] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4151] <... openat resumed>) = 5 [pid 4150] <... sync resumed>) = 0 [pid 4151] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4150] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 1 [pid 4150] <... futex resumed>) = 0 [pid 4149] <... futex resumed>) = 0 [pid 4149] exit_group(0) = ? [pid 4150] +++ exited with 0 +++ [pid 4151] +++ exited with 0 +++ [pid 4149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4149, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.870664][ T4150] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4152 ./strace-static-x86_64: Process 4152 attached [pid 4152] set_robust_list(0x5555563795e0, 24) = 0 [pid 4152] chdir("./173") = 0 [pid 4152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4152] setpgid(0, 0) = 0 [pid 4152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4152] write(3, "1000", 4) = 4 [pid 4152] close(3) = 0 [pid 4152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4152] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4152] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4152] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4153 attached , parent_tid=[4153], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4153 [pid 4153] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4153] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4152] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4153] <... futex resumed>) = 0 [pid 4152] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4153] memfd_create("syzkaller", 0) = 3 [pid 4153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4153] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4153] close(3) = 0 [pid 4153] mkdir("./file0", 0777) = 0 [pid 4153] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4153] chdir("./file0") = 0 [pid 4153] ioctl(4, LOOP_CLR_FD) = 0 [pid 4153] close(4) = 0 [pid 4153] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = 0 [pid 4153] <... futex resumed>) = 1 [pid 4153] open(".", O_RDONLY [pid 4152] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4153] <... open resumed>) = 4 [pid 4153] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4152] <... futex resumed>) = 0 [pid 4152] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4153] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4153] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4152] <... futex resumed>) = 0 [pid 4152] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4152] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4152] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4153] sync(./strace-static-x86_64: Process 4154 attached [pid 4154] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4154] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4152] <... clone resumed>, parent_tid=[4154], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4154 [pid 4152] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4154] <... futex resumed>) = 0 [pid 4152] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4153] <... sync resumed>) = 0 [pid 4153] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4153] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4154] <... openat resumed>) = 5 [pid 4154] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4152] <... futex resumed>) = 0 [pid 4154] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4152] exit_group(0 [pid 4153] <... futex resumed>) = ? [pid 4152] <... exit_group resumed>) = ? [pid 4153] +++ exited with 0 +++ [pid 4154] <... futex resumed>) = ? [pid 4154] +++ exited with 0 +++ [pid 4152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4152, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 [ 68.964792][ T4153] loop0: detected capacity change from 0 to 64 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4155 ./strace-static-x86_64: Process 4155 attached [pid 4155] set_robust_list(0x5555563795e0, 24) = 0 [pid 4155] chdir("./174") = 0 [pid 4155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4155] setpgid(0, 0) = 0 [pid 4155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4155] write(3, "1000", 4) = 4 [pid 4155] close(3) = 0 [pid 4155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4155] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4155] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4155] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4156], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4156 [pid 4155] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4155] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4156 attached [pid 4156] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4156] memfd_create("syzkaller", 0) = 3 [pid 4156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4156] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4156] close(3) = 0 [pid 4156] mkdir("./file0", 0777) = 0 [pid 4156] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4156] chdir("./file0") = 0 [pid 4156] ioctl(4, LOOP_CLR_FD) = 0 [pid 4156] close(4) = 0 [pid 4156] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4155] <... futex resumed>) = 0 [pid 4156] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4155] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4155] <... futex resumed>) = 0 [pid 4156] open(".", O_RDONLY [pid 4155] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4156] <... open resumed>) = 4 [pid 4156] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4155] <... futex resumed>) = 0 [pid 4156] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4155] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4155] <... futex resumed>) = 0 [pid 4156] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4155] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4156] <... mkdirat resumed>) = 0 [pid 4156] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4155] <... futex resumed>) = 0 [pid 4156] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4155] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4155] <... futex resumed>) = 0 [pid 4156] sync( [pid 4155] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4155] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4155] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4157 attached , parent_tid=[4157], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4157 [pid 4155] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4155] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4157] set_robust_list(0x7fa6ebe889e0, 24 [pid 4156] <... sync resumed>) = 0 [pid 4157] <... set_robust_list resumed>) = 0 [pid 4156] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4156] <... futex resumed>) = 0 [pid 4156] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4157] <... openat resumed>) = 5 [pid 4157] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4155] <... futex resumed>) = 0 [pid 4157] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4155] exit_group(0 [pid 4157] <... futex resumed>) = ? [pid 4156] <... futex resumed>) = ? [pid 4155] <... exit_group resumed>) = ? [pid 4156] +++ exited with 0 +++ [pid 4157] +++ exited with 0 +++ [pid 4155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4155, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 [ 69.038050][ T4156] loop0: detected capacity change from 0 to 64 [ 69.044370][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 69.044459][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 69.044610][ T3632] Buffer I/O error on dev loop0, logical block 0, async page read umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4158 ./strace-static-x86_64: Process 4158 attached [pid 4158] set_robust_list(0x5555563795e0, 24) = 0 [pid 4158] chdir("./175") = 0 [pid 4158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4158] setpgid(0, 0) = 0 [pid 4158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4158] write(3, "1000", 4) = 4 [pid 4158] close(3) = 0 [pid 4158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4158] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4158] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4158] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4159 attached , parent_tid=[4159], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4159 [pid 4158] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4158] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4159] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4159] memfd_create("syzkaller", 0) = 3 [pid 4159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4159] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4159] close(3) = 0 [pid 4159] mkdir("./file0", 0777) = 0 [pid 4159] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4159] chdir("./file0") = 0 [pid 4159] ioctl(4, LOOP_CLR_FD) = 0 [pid 4159] close(4) = 0 [pid 4159] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4158] <... futex resumed>) = 0 [pid 4158] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4158] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4159] <... futex resumed>) = 1 [pid 4159] open(".", O_RDONLY) = 4 [pid 4159] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4158] <... futex resumed>) = 0 [pid 4158] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4158] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4159] <... futex resumed>) = 1 [pid 4159] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4159] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4158] <... futex resumed>) = 0 [pid 4159] sync( [pid 4158] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4158] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4158] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4158] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4160 attached , parent_tid=[4160], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4160 [pid 4158] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4160] set_robust_list(0x7fa6ebe889e0, 24 [pid 4158] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4160] <... set_robust_list resumed>) = 0 [pid 4160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4160] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4158] <... futex resumed>) = 0 [pid 4160] <... futex resumed>) = 1 [pid 4160] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4159] <... sync resumed>) = 0 [pid 4159] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4159] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4158] exit_group(0 [pid 4160] <... futex resumed>) = ? [pid 4159] <... futex resumed>) = ? [pid 4158] <... exit_group resumed>) = ? [pid 4160] +++ exited with 0 +++ [pid 4159] +++ exited with 0 +++ [pid 4158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4158, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.159462][ T4159] loop0: detected capacity change from 0 to 64 lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4161 ./strace-static-x86_64: Process 4161 attached [pid 4161] set_robust_list(0x5555563795e0, 24) = 0 [pid 4161] chdir("./176") = 0 [pid 4161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4161] setpgid(0, 0) = 0 [pid 4161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4161] write(3, "1000", 4) = 4 [pid 4161] close(3) = 0 [pid 4161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4161] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4161] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4161] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4162], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4162 [pid 4161] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4162 attached [pid 4162] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4162] memfd_create("syzkaller", 0) = 3 [pid 4162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4162] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4162] close(3) = 0 [pid 4162] mkdir("./file0", 0777) = 0 [pid 4162] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4162] chdir("./file0") = 0 [pid 4162] ioctl(4, LOOP_CLR_FD) = 0 [pid 4162] close(4) = 0 [pid 4162] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4161] <... futex resumed>) = 0 [pid 4162] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4161] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4161] <... futex resumed>) = 0 [pid 4162] open(".", O_RDONLY [pid 4161] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4162] <... open resumed>) = 4 [pid 4162] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4161] <... futex resumed>) = 0 [pid 4162] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4161] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4161] <... futex resumed>) = 0 [pid 4162] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4161] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4162] <... mkdirat resumed>) = 0 [pid 4162] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4161] <... futex resumed>) = 0 [pid 4162] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4161] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4161] <... futex resumed>) = 0 [pid 4162] sync( [pid 4161] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4161] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4161] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4163 attached , parent_tid=[4163], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4163 [pid 4163] set_robust_list(0x7fa6ebe889e0, 24 [pid 4162] <... sync resumed>) = 0 [pid 4161] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4163] <... set_robust_list resumed>) = 0 [pid 4162] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4161] <... futex resumed>) = 0 [pid 4163] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4162] <... futex resumed>) = 0 [pid 4161] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4162] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4163] <... openat resumed>) = 5 [pid 4163] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4161] <... futex resumed>) = 0 [pid 4161] exit_group(0 [pid 4163] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4161] <... exit_group resumed>) = ? [pid 4163] <... futex resumed>) = ? [pid 4162] <... futex resumed>) = ? [pid 4162] +++ exited with 0 +++ [pid 4163] +++ exited with 0 +++ [pid 4161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4161, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4164 ./strace-static-x86_64: Process 4164 attached [pid 4164] set_robust_list(0x5555563795e0, 24) = 0 [pid 4164] chdir("./177") = 0 [ 69.242267][ T4162] loop0: detected capacity change from 0 to 64 [pid 4164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4164] setpgid(0, 0) = 0 [pid 4164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4164] write(3, "1000", 4) = 4 [pid 4164] close(3) = 0 [pid 4164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4164] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4164] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4164] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4165], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4165 [pid 4164] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4164] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4165 attached [pid 4165] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4165] memfd_create("syzkaller", 0) = 3 [pid 4165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4165] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4165] close(3) = 0 [pid 4165] mkdir("./file0", 0777) = 0 [pid 4165] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4165] chdir("./file0") = 0 [pid 4165] ioctl(4, LOOP_CLR_FD) = 0 [pid 4165] close(4) = 0 [pid 4165] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4164] <... futex resumed>) = 0 [pid 4164] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4164] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4165] <... futex resumed>) = 1 [pid 4165] open(".", O_RDONLY) = 4 [pid 4165] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4164] <... futex resumed>) = 0 [pid 4164] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4165] <... futex resumed>) = 1 [pid 4164] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4165] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4165] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4164] <... futex resumed>) = 0 [pid 4165] sync( [pid 4164] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4164] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4164] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4164] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4166 attached [pid 4166] set_robust_list(0x7fa6ebe889e0, 24 [pid 4164] <... clone resumed>, parent_tid=[4166], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4166 [pid 4166] <... set_robust_list resumed>) = 0 [pid 4164] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4166] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4164] <... futex resumed>) = 0 [pid 4166] <... openat resumed>) = 5 [pid 4164] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4166] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4165] <... sync resumed>) = 0 [pid 4164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4166] <... futex resumed>) = 0 [pid 4165] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4166] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4165] <... futex resumed>) = 0 [pid 4165] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4164] exit_group(0 [pid 4166] <... futex resumed>) = ? [pid 4165] <... futex resumed>) = ? [pid 4164] <... exit_group resumed>) = ? [pid 4166] +++ exited with 0 +++ [pid 4165] +++ exited with 0 +++ [pid 4164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4164, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 [ 69.315635][ T4165] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4167 ./strace-static-x86_64: Process 4167 attached [pid 4167] set_robust_list(0x5555563795e0, 24) = 0 [pid 4167] chdir("./178") = 0 [pid 4167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4167] setpgid(0, 0) = 0 [pid 4167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4167] write(3, "1000", 4) = 4 [pid 4167] close(3) = 0 [pid 4167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4167] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4167] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4167] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4168], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4168 [pid 4167] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4168 attached [pid 4168] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4168] memfd_create("syzkaller", 0) = 3 [pid 4168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4167] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4168] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4168] close(3) = 0 [pid 4168] mkdir("./file0", 0777) = 0 [pid 4168] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4168] chdir("./file0") = 0 [pid 4168] ioctl(4, LOOP_CLR_FD) = 0 [pid 4168] close(4) = 0 [pid 4168] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4167] <... futex resumed>) = 0 [pid 4167] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4168] open(".", O_RDONLY) = 4 [pid 4167] <... futex resumed>) = 0 [pid 4167] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4168] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4168] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4167] <... futex resumed>) = 0 [pid 4167] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4167] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4168] <... futex resumed>) = 0 [pid 4168] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4168] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4167] <... futex resumed>) = 0 [pid 4167] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4167] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4167] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4167] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4169], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4169 [pid 4167] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4167] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4168] sync(./strace-static-x86_64: Process 4169 attached [pid 4169] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4169] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4168] <... sync resumed>) = 0 [pid 4168] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4168] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4169] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4167] <... futex resumed>) = 0 [pid 4167] exit_group(0) = ? [pid 4168] <... futex resumed>) = ? [pid 4168] +++ exited with 0 +++ [pid 4169] <... futex resumed>) = ? [pid 4169] +++ exited with 0 +++ [pid 4167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4167, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4170 ./strace-static-x86_64: Process 4170 attached [pid 4170] set_robust_list(0x5555563795e0, 24) = 0 [pid 4170] chdir("./179") = 0 [ 69.406502][ T4168] loop0: detected capacity change from 0 to 64 [pid 4170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4170] setpgid(0, 0) = 0 [pid 4170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4170] write(3, "1000", 4) = 4 [pid 4170] close(3) = 0 [pid 4170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4170] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4170] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4170] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4171 attached [pid 4171] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4171] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4170] <... clone resumed>, parent_tid=[4171], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4171 [pid 4170] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4171] <... futex resumed>) = 0 [pid 4171] memfd_create("syzkaller", 0) = 3 [pid 4171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4170] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4171] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4171] close(3) = 0 [pid 4171] mkdir("./file0", 0777) = 0 [pid 4171] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4171] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4171] chdir("./file0") = 0 [pid 4171] ioctl(4, LOOP_CLR_FD) = 0 [pid 4171] close(4) = 0 [pid 4171] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4170] <... futex resumed>) = 0 [pid 4170] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4170] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4171] <... futex resumed>) = 1 [pid 4171] open(".", O_RDONLY) = 4 [pid 4171] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4170] <... futex resumed>) = 0 [pid 4170] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4170] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4171] <... futex resumed>) = 1 [pid 4171] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4171] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4170] <... futex resumed>) = 0 [pid 4170] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4170] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4170] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4170] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4172], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4172 [pid 4170] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4170] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4171] <... futex resumed>) = 1 [pid 4171] sync(./strace-static-x86_64: Process 4172 attached [pid 4172] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4172] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4172] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4170] <... futex resumed>) = 0 [pid 4172] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4171] <... sync resumed>) = 0 [pid 4171] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4171] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4170] exit_group(0) = ? [pid 4172] <... futex resumed>) = ? [pid 4171] <... futex resumed>) = ? [pid 4172] +++ exited with 0 +++ [pid 4171] +++ exited with 0 +++ [pid 4170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4170, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 69.491576][ T4171] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4173 attached , child_tidptr=0x5555563795d0) = 4173 [pid 4173] set_robust_list(0x5555563795e0, 24) = 0 [pid 4173] chdir("./180") = 0 [pid 4173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4173] setpgid(0, 0) = 0 [pid 4173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4173] write(3, "1000", 4) = 4 [pid 4173] close(3) = 0 [pid 4173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4173] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4173] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4173] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4174 attached , parent_tid=[4174], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4174 [pid 4174] set_robust_list(0x7fa6ebea99e0, 24 [pid 4173] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... set_robust_list resumed>) = 0 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4174] memfd_create("syzkaller", 0) = 3 [pid 4174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4174] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4174] close(3) = 0 [pid 4174] mkdir("./file0", 0777) = 0 [pid 4174] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4174] chdir("./file0") = 0 [pid 4174] ioctl(4, LOOP_CLR_FD) = 0 [pid 4174] close(4) = 0 [pid 4174] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] open(".", O_RDONLY) = 4 [pid 4174] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4174] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] sync( [pid 4173] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4173] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4173] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4175], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4175 [pid 4173] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4175 attached [pid 4175] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4175] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4174] <... sync resumed>) = 0 [pid 4174] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4174] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4175] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] exit_group(0 [pid 4174] <... futex resumed>) = ? [pid 4173] <... exit_group resumed>) = ? [pid 4174] +++ exited with 0 +++ [pid 4175] <... futex resumed>) = ? [pid 4175] +++ exited with 0 +++ [pid 4173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4173, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4176 ./strace-static-x86_64: Process 4176 attached [pid 4176] set_robust_list(0x5555563795e0, 24) = 0 [ 69.563999][ T4174] loop0: detected capacity change from 0 to 64 [pid 4176] chdir("./181") = 0 [pid 4176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4176] setpgid(0, 0) = 0 [pid 4176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4176] write(3, "1000", 4) = 4 [pid 4176] close(3) = 0 [pid 4176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4176] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4176] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4176] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4177], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4177 [pid 4176] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4177 attached [pid 4177] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4177] memfd_create("syzkaller", 0) = 3 [pid 4177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4177] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4177] close(3) = 0 [pid 4177] mkdir("./file0", 0777) = 0 [pid 4177] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4177] chdir("./file0") = 0 [pid 4177] ioctl(4, LOOP_CLR_FD) = 0 [pid 4177] close(4) = 0 [pid 4177] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4177] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4176] <... futex resumed>) = 0 [pid 4176] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4176] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4177] <... futex resumed>) = 0 [pid 4177] open(".", O_RDONLY) = 4 [pid 4177] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4177] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4176] <... futex resumed>) = 0 [pid 4176] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4176] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4177] <... futex resumed>) = 0 [pid 4177] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4177] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4176] <... futex resumed>) = 0 [pid 4176] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4177] sync( [pid 4176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4176] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4176] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4178], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4178 [pid 4176] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4176] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4178 attached [pid 4178] set_robust_list(0x7fa6ebe889e0, 24 [pid 4177] <... sync resumed>) = 0 [pid 4177] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4178] <... set_robust_list resumed>) = 0 [pid 4177] <... futex resumed>) = 0 [pid 4178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4177] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4178] <... openat resumed>) = 5 [pid 4178] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4176] <... futex resumed>) = 0 [pid 4176] exit_group(0 [pid 4178] <... futex resumed>) = ? [pid 4177] <... futex resumed>) = ? [pid 4176] <... exit_group resumed>) = ? [pid 4178] +++ exited with 0 +++ [pid 4177] +++ exited with 0 +++ [pid 4176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4176, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.642255][ T4177] loop0: detected capacity change from 0 to 64 lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4179 attached , child_tidptr=0x5555563795d0) = 4179 [pid 4179] set_robust_list(0x5555563795e0, 24) = 0 [pid 4179] chdir("./182") = 0 [pid 4179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4179] setpgid(0, 0) = 0 [pid 4179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4179] write(3, "1000", 4) = 4 [pid 4179] close(3) = 0 [pid 4179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4179] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4179] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4179] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4180 attached [pid 4180] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4179] <... clone resumed>, parent_tid=[4180], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4180 [pid 4180] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4179] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4180] <... futex resumed>) = 0 [pid 4179] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4180] memfd_create("syzkaller", 0) = 3 [pid 4180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4180] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4180] close(3) = 0 [pid 4180] mkdir("./file0", 0777) = 0 [pid 4180] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4180] chdir("./file0") = 0 [pid 4180] ioctl(4, LOOP_CLR_FD) = 0 [pid 4180] close(4) = 0 [pid 4180] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4179] <... futex resumed>) = 0 [pid 4179] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4179] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4180] open(".", O_RDONLY) = 4 [pid 4180] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4179] <... futex resumed>) = 0 [pid 4179] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4180] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4179] <... futex resumed>) = 0 [pid 4179] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4180] <... mkdirat resumed>) = 0 [pid 4180] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4179] <... futex resumed>) = 0 [pid 4179] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4180] sync( [pid 4179] <... futex resumed>) = 0 [pid 4179] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4179] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4179] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4181], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4181 [pid 4179] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4179] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4181 attached [pid 4181] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4180] <... sync resumed>) = 0 [pid 4180] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4180] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4181] <... openat resumed>) = 5 [pid 4181] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4179] <... futex resumed>) = 0 [pid 4179] exit_group(0) = ? [pid 4180] <... futex resumed>) = ? [pid 4181] <... futex resumed>) = ? [pid 4180] +++ exited with 0 +++ [pid 4181] +++ exited with 0 +++ [pid 4179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4179, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 [ 69.727305][ T4180] loop0: detected capacity change from 0 to 64 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4182 ./strace-static-x86_64: Process 4182 attached [pid 4182] set_robust_list(0x5555563795e0, 24) = 0 [pid 4182] chdir("./183") = 0 [pid 4182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4182] setpgid(0, 0) = 0 [pid 4182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4182] write(3, "1000", 4) = 4 [pid 4182] close(3) = 0 [pid 4182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4182] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4182] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4182] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4183 attached [pid 4183] set_robust_list(0x7fa6ebea99e0, 24 [pid 4182] <... clone resumed>, parent_tid=[4183], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4183 [pid 4183] <... set_robust_list resumed>) = 0 [pid 4183] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4182] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4183] <... futex resumed>) = 0 [pid 4182] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4183] memfd_create("syzkaller", 0) = 3 [pid 4183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4183] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4183] close(3) = 0 [pid 4183] mkdir("./file0", 0777) = 0 [pid 4183] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4183] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4183] chdir("./file0") = 0 [pid 4183] ioctl(4, LOOP_CLR_FD) = 0 [pid 4183] close(4) = 0 [pid 4183] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4182] <... futex resumed>) = 0 [pid 4182] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4182] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4183] open(".", O_RDONLY) = 4 [pid 4183] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4182] <... futex resumed>) = 0 [pid 4183] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4182] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4182] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4183] <... mkdirat resumed>) = 0 [pid 4183] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4182] <... futex resumed>) = 0 [pid 4182] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4182] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4183] sync( [pid 4182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4182] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4182] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4184], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4184 [pid 4182] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4182] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4184 attached [pid 4184] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4184] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4182] <... futex resumed>) = 0 [pid 4184] <... futex resumed>) = 1 [pid 4184] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4183] <... sync resumed>) = 0 [pid 4183] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4183] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4182] exit_group(0) = ? [pid 4183] <... futex resumed>) = ? [pid 4184] <... futex resumed>) = ? [pid 4184] +++ exited with 0 +++ [pid 4183] +++ exited with 0 +++ [pid 4182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4182, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./183/binderfs") = 0 [ 69.842424][ T4183] loop0: detected capacity change from 0 to 64 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4185 ./strace-static-x86_64: Process 4185 attached [pid 4185] set_robust_list(0x5555563795e0, 24) = 0 [pid 4185] chdir("./184") = 0 [pid 4185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4185] setpgid(0, 0) = 0 [pid 4185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4185] write(3, "1000", 4) = 4 [pid 4185] close(3) = 0 [pid 4185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4185] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4185] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4185] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4186 attached , parent_tid=[4186], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4186 [pid 4186] set_robust_list(0x7fa6ebea99e0, 24 [pid 4185] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4186] <... set_robust_list resumed>) = 0 [pid 4185] <... futex resumed>) = 0 [pid 4185] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4186] memfd_create("syzkaller", 0) = 3 [pid 4186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4186] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4186] close(3) = 0 [pid 4186] mkdir("./file0", 0777) = 0 [pid 4186] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4186] chdir("./file0") = 0 [pid 4186] ioctl(4, LOOP_CLR_FD) = 0 [pid 4186] close(4) = 0 [pid 4186] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4185] <... futex resumed>) = 0 [pid 4185] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4185] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4186] open(".", O_RDONLY) = 4 [pid 4186] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4185] <... futex resumed>) = 0 [pid 4185] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4185] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4186] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4186] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4185] <... futex resumed>) = 0 [pid 4185] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4185] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4185] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4186] <... futex resumed>) = 1 [pid 4185] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4187 attached [pid 4186] sync( [pid 4185] <... clone resumed>, parent_tid=[4187], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4187 [pid 4185] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4185] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4187] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4187] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4187] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4185] <... futex resumed>) = 0 [pid 4187] <... futex resumed>) = 1 [pid 4187] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4186] <... sync resumed>) = 0 [pid 4186] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4186] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4185] exit_group(0 [pid 4187] <... futex resumed>) = ? [pid 4185] <... exit_group resumed>) = ? [pid 4187] +++ exited with 0 +++ [pid 4186] <... futex resumed>) = ? [pid 4186] +++ exited with 0 +++ [pid 4185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4185, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.942396][ T4186] loop0: detected capacity change from 0 to 64 lstat("./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4188 ./strace-static-x86_64: Process 4188 attached [pid 4188] set_robust_list(0x5555563795e0, 24) = 0 [pid 4188] chdir("./185") = 0 [pid 4188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4188] setpgid(0, 0) = 0 [pid 4188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4188] write(3, "1000", 4) = 4 [pid 4188] close(3) = 0 [pid 4188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4188] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4188] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4188] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4189 attached , parent_tid=[4189], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4189 [pid 4189] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4189] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4188] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4189] memfd_create("syzkaller", 0) = 3 [pid 4189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4188] <... futex resumed>) = 0 [pid 4189] <... mmap resumed>) = 0x7fa6e3a00000 [pid 4188] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4189] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4189] close(3) = 0 [pid 4189] mkdir("./file0", 0777) = 0 [pid 4189] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4189] chdir("./file0") = 0 [pid 4189] ioctl(4, LOOP_CLR_FD) = 0 [pid 4189] close(4) = 0 [pid 4189] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4188] <... futex resumed>) = 0 [pid 4189] open(".", O_RDONLY [pid 4188] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4189] <... open resumed>) = 4 [pid 4188] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4189] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4188] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4188] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4189] <... futex resumed>) = 1 [pid 4188] <... futex resumed>) = 0 [pid 4189] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4188] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4189] <... mkdirat resumed>) = 0 [pid 4189] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4188] <... futex resumed>) = 0 [pid 4188] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4189] sync( [pid 4188] <... futex resumed>) = 0 [pid 4188] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4188] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4188] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4190 attached [pid 4190] set_robust_list(0x7fa6ebe889e0, 24 [pid 4188] <... clone resumed>, parent_tid=[4190], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4190 [pid 4190] <... set_robust_list resumed>) = 0 [pid 4188] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4190] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4188] <... futex resumed>) = 0 [pid 4188] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4190] <... openat resumed>) = 5 [pid 4190] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4188] <... futex resumed>) = 0 [pid 4190] <... futex resumed>) = 1 [pid 4190] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4189] <... sync resumed>) = 0 [pid 4189] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4189] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4188] exit_group(0 [pid 4189] <... futex resumed>) = ? [pid 4188] <... exit_group resumed>) = ? [pid 4189] +++ exited with 0 +++ [pid 4190] <... futex resumed>) = ? [pid 4190] +++ exited with 0 +++ [pid 4188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4188, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 70.037776][ T4189] loop0: detected capacity change from 0 to 64 unlink("./185/binderfs") = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4191 ./strace-static-x86_64: Process 4191 attached [pid 4191] set_robust_list(0x5555563795e0, 24) = 0 [pid 4191] chdir("./186") = 0 [pid 4191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4191] setpgid(0, 0) = 0 [pid 4191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4191] write(3, "1000", 4) = 4 [pid 4191] close(3) = 0 [pid 4191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4191] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4191] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4191] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4192], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4192 ./strace-static-x86_64: Process 4192 attached [pid 4192] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4192] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4191] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4192] <... futex resumed>) = 0 [pid 4192] memfd_create("syzkaller", 0 [pid 4191] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4192] <... memfd_create resumed>) = 3 [pid 4192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4192] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4192] close(3) = 0 [pid 4192] mkdir("./file0", 0777) = 0 [pid 4192] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4192] chdir("./file0") = 0 [pid 4192] ioctl(4, LOOP_CLR_FD) = 0 [pid 4192] close(4) = 0 [pid 4192] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4192] <... futex resumed>) = 1 [pid 4192] open(".", O_RDONLY) = 4 [pid 4192] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4192] <... futex resumed>) = 1 [pid 4192] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4192] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4191] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4191] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4191] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4193 attached , parent_tid=[4193], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4193 [pid 4193] set_robust_list(0x7fa6ebe889e0, 24 [pid 4191] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4191] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4192] <... futex resumed>) = 1 [pid 4192] sync( [pid 4193] <... set_robust_list resumed>) = 0 [pid 4193] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4193] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4191] <... futex resumed>) = 0 [pid 4193] <... futex resumed>) = 1 [pid 4193] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4192] <... sync resumed>) = 0 [pid 4192] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4192] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4191] exit_group(0) = ? [pid 4192] <... futex resumed>) = ? [pid 4192] +++ exited with 0 +++ [pid 4193] <... futex resumed>) = ? [pid 4193] +++ exited with 0 +++ [pid 4191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4191, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./186/binderfs") = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 70.144184][ T4192] loop0: detected capacity change from 0 to 64 rmdir("./186/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4194 ./strace-static-x86_64: Process 4194 attached [pid 4194] set_robust_list(0x5555563795e0, 24) = 0 [pid 4194] chdir("./187") = 0 [pid 4194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4194] setpgid(0, 0) = 0 [pid 4194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4194] write(3, "1000", 4) = 4 [pid 4194] close(3) = 0 [pid 4194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4194] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4194] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4194] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4195 attached [pid 4195] set_robust_list(0x7fa6ebea99e0, 24 [pid 4194] <... clone resumed>, parent_tid=[4195], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4195 [pid 4195] <... set_robust_list resumed>) = 0 [pid 4194] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4195] memfd_create("syzkaller", 0) = 3 [pid 4195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4195] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4195] close(3) = 0 [pid 4195] mkdir("./file0", 0777) = 0 [pid 4195] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4195] chdir("./file0") = 0 [pid 4195] ioctl(4, LOOP_CLR_FD) = 0 [pid 4195] close(4) = 0 [pid 4195] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4194] <... futex resumed>) = 0 [pid 4195] <... futex resumed>) = 1 [pid 4195] open(".", O_RDONLY [pid 4194] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... open resumed>) = 4 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4194] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... futex resumed>) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 4195] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4195] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4194] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4195] sync( [pid 4194] <... mprotect resumed>) = 0 [pid 4194] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4196 attached [pid 4196] set_robust_list(0x7fa6ebe889e0, 24 [pid 4194] <... clone resumed>, parent_tid=[4196], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4196 [pid 4196] <... set_robust_list resumed>) = 0 [pid 4194] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4196] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4196] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4196] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4195] <... sync resumed>) = 0 [pid 4195] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4195] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] exit_group(0 [pid 4195] <... futex resumed>) = ? [pid 4194] <... exit_group resumed>) = ? [pid 4195] +++ exited with 0 +++ [pid 4196] <... futex resumed>) = ? [pid 4196] +++ exited with 0 +++ [pid 4194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4194, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 70.233474][ T4195] loop0: detected capacity change from 0 to 64 unlink("./187/binderfs") = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4197 attached , child_tidptr=0x5555563795d0) = 4197 [pid 4197] set_robust_list(0x5555563795e0, 24) = 0 [pid 4197] chdir("./188") = 0 [pid 4197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4197] setpgid(0, 0) = 0 [pid 4197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4197] write(3, "1000", 4) = 4 [pid 4197] close(3) = 0 [pid 4197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4197] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4197] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4197] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4198 attached , parent_tid=[4198], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4198 [pid 4198] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4198] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4197] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4198] memfd_create("syzkaller", 0 [pid 4197] <... futex resumed>) = 0 [pid 4198] <... memfd_create resumed>) = 3 [pid 4198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4197] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4198] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4198] close(3) = 0 [pid 4198] mkdir("./file0", 0777) = 0 [pid 4198] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4198] chdir("./file0") = 0 [pid 4198] ioctl(4, LOOP_CLR_FD) = 0 [pid 4198] close(4) = 0 [pid 4198] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4197] <... futex resumed>) = 0 [pid 4198] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4197] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4197] <... futex resumed>) = 0 [pid 4198] open(".", O_RDONLY [pid 4197] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4198] <... open resumed>) = 4 [pid 4198] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4197] <... futex resumed>) = 0 [pid 4198] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4197] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4197] <... futex resumed>) = 0 [pid 4198] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4197] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4198] <... mkdirat resumed>) = 0 [pid 4198] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4197] <... futex resumed>) = 0 [pid 4198] sync( [pid 4197] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4197] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4197] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4197] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4199], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4199 [pid 4197] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4197] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4199 attached [pid 4199] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4199] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4199] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4197] <... futex resumed>) = 0 [pid 4199] <... futex resumed>) = 1 [pid 4199] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4198] <... sync resumed>) = 0 [pid 4198] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4198] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4197] exit_group(0 [pid 4198] <... futex resumed>) = ? [pid 4197] <... exit_group resumed>) = ? [pid 4198] +++ exited with 0 +++ [pid 4199] <... futex resumed>) = ? [pid 4199] +++ exited with 0 +++ [pid 4197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4197, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./188/binderfs") = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 70.334501][ T4198] loop0: detected capacity change from 0 to 64 rmdir("./188/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4200 ./strace-static-x86_64: Process 4200 attached [pid 4200] set_robust_list(0x5555563795e0, 24) = 0 [pid 4200] chdir("./189") = 0 [pid 4200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4200] setpgid(0, 0) = 0 [pid 4200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4200] write(3, "1000", 4) = 4 [pid 4200] close(3) = 0 [pid 4200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4200] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4200] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4200] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4201 attached , parent_tid=[4201], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4201 [pid 4201] set_robust_list(0x7fa6ebea99e0, 24 [pid 4200] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4201] <... set_robust_list resumed>) = 0 [pid 4200] <... futex resumed>) = 0 [pid 4200] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4201] memfd_create("syzkaller", 0) = 3 [pid 4201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4201] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4201] close(3) = 0 [pid 4201] mkdir("./file0", 0777) = 0 [pid 4201] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4201] chdir("./file0") = 0 [pid 4201] ioctl(4, LOOP_CLR_FD) = 0 [pid 4201] close(4) = 0 [pid 4201] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4200] <... futex resumed>) = 0 [pid 4201] open(".", O_RDONLY [pid 4200] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4201] <... open resumed>) = 4 [pid 4200] <... futex resumed>) = 0 [pid 4201] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4200] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4201] <... futex resumed>) = 0 [pid 4200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4201] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4200] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4200] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4201] <... mkdirat resumed>) = 0 [pid 4201] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4200] <... futex resumed>) = 0 [pid 4201] sync( [pid 4200] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4200] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4200] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4200] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4202 attached [pid 4202] set_robust_list(0x7fa6ebe889e0, 24 [pid 4200] <... clone resumed>, parent_tid=[4202], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4202 [pid 4200] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4202] <... set_robust_list resumed>) = 0 [pid 4200] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4201] <... sync resumed>) = 0 [pid 4201] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4201] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4202] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4202] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4202] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4200] <... futex resumed>) = 0 [pid 4200] exit_group(0 [pid 4201] <... futex resumed>) = ? [pid 4200] <... exit_group resumed>) = ? [pid 4201] +++ exited with 0 +++ [pid 4202] <... futex resumed>) = ? [pid 4202] +++ exited with 0 +++ [pid 4200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4200, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./189/binderfs") = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 70.429981][ T4201] loop0: detected capacity change from 0 to 64 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4203 ./strace-static-x86_64: Process 4203 attached [pid 4203] set_robust_list(0x5555563795e0, 24) = 0 [pid 4203] chdir("./190") = 0 [pid 4203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4203] setpgid(0, 0) = 0 [pid 4203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4203] write(3, "1000", 4) = 4 [pid 4203] close(3) = 0 [pid 4203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4203] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4203] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4203] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4204 attached , parent_tid=[4204], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4204 [pid 4204] set_robust_list(0x7fa6ebea99e0, 24 [pid 4203] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4204] <... set_robust_list resumed>) = 0 [pid 4203] <... futex resumed>) = 0 [pid 4203] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4204] memfd_create("syzkaller", 0) = 3 [pid 4204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4204] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4204] close(3) = 0 [pid 4204] mkdir("./file0", 0777) = 0 [pid 4204] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4204] chdir("./file0") = 0 [pid 4204] ioctl(4, LOOP_CLR_FD) = 0 [pid 4204] close(4) = 0 [pid 4204] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4203] <... futex resumed>) = 0 [pid 4203] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4203] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4204] open(".", O_RDONLY) = 4 [pid 4204] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4203] <... futex resumed>) = 0 [pid 4203] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4204] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4203] <... futex resumed>) = 0 [pid 4203] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4204] <... mkdirat resumed>) = 0 [pid 4204] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4203] <... futex resumed>) = 0 [pid 4204] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4203] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4203] <... futex resumed>) = 0 [pid 4203] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4204] sync( [pid 4203] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4203] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4203] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4205 attached [pid 4205] set_robust_list(0x7fa6ebe889e0, 24 [pid 4203] <... clone resumed>, parent_tid=[4205], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4205 [pid 4203] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4203] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4205] <... set_robust_list resumed>) = 0 [pid 4205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4204] <... sync resumed>) = 0 [pid 4204] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4204] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4205] <... openat resumed>) = 5 [pid 4205] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4203] <... futex resumed>) = 0 [pid 4203] exit_group(0 [pid 4204] <... futex resumed>) = ? [pid 4203] <... exit_group resumed>) = ? [pid 4204] +++ exited with 0 +++ [pid 4205] +++ exited with 0 +++ [pid 4203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4203, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 70.519437][ T4204] loop0: detected capacity change from 0 to 64 rmdir("./190/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4206 ./strace-static-x86_64: Process 4206 attached [pid 4206] set_robust_list(0x5555563795e0, 24) = 0 [pid 4206] chdir("./191") = 0 [pid 4206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4206] setpgid(0, 0) = 0 [pid 4206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4206] write(3, "1000", 4) = 4 [pid 4206] close(3) = 0 [pid 4206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4206] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4206] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4206] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4207], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4207 [pid 4206] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4207 attached [pid 4207] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4207] memfd_create("syzkaller", 0) = 3 [pid 4207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4207] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4207] close(3) = 0 [pid 4207] mkdir("./file0", 0777) = 0 [pid 4207] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4207] chdir("./file0") = 0 [pid 4207] ioctl(4, LOOP_CLR_FD) = 0 [pid 4207] close(4) = 0 [pid 4207] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4206] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4207] <... futex resumed>) = 1 [pid 4207] open(".", O_RDONLY) = 4 [pid 4207] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4206] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4207] <... futex resumed>) = 1 [pid 4207] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4207] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4206] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4206] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4206] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4208], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4208 [pid 4206] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4206] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4207] <... futex resumed>) = 1 [pid 4207] sync(./strace-static-x86_64: Process 4208 attached [pid 4208] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4208] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4206] <... futex resumed>) = 0 [pid 4208] <... futex resumed>) = 1 [pid 4208] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4207] <... sync resumed>) = 0 [pid 4207] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4207] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4206] exit_group(0) = ? [pid 4207] <... futex resumed>) = ? [pid 4207] +++ exited with 0 +++ [pid 4208] <... futex resumed>) = ? [pid 4208] +++ exited with 0 +++ [pid 4206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4206, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./191/binderfs") = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4209 [ 70.612027][ T4207] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 4209 attached [pid 4209] set_robust_list(0x5555563795e0, 24) = 0 [pid 4209] chdir("./192") = 0 [pid 4209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4209] setpgid(0, 0) = 0 [pid 4209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4209] write(3, "1000", 4) = 4 [pid 4209] close(3) = 0 [pid 4209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4209] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4209] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4209] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4210 attached [pid 4210] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4210] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4209] <... clone resumed>, parent_tid=[4210], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4210 [pid 4209] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4210] <... futex resumed>) = 0 [pid 4210] memfd_create("syzkaller", 0 [pid 4209] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4210] <... memfd_create resumed>) = 3 [pid 4210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4210] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4210] close(3) = 0 [pid 4210] mkdir("./file0", 0777) = 0 [pid 4210] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4210] chdir("./file0") = 0 [pid 4210] ioctl(4, LOOP_CLR_FD) = 0 [pid 4210] close(4) = 0 [pid 4210] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4210] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4209] <... futex resumed>) = 0 [pid 4209] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4210] <... futex resumed>) = 0 [pid 4210] open(".", O_RDONLY) = 4 [pid 4209] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4210] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4209] <... futex resumed>) = 0 [pid 4210] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4209] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4209] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4210] <... futex resumed>) = 0 [pid 4210] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4210] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4209] <... futex resumed>) = 0 [pid 4209] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4209] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4210] sync( [pid 4209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4209] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4209] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4211 attached , parent_tid=[4211], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4211 [pid 4209] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4211] set_robust_list(0x7fa6ebe889e0, 24 [pid 4209] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4211] <... set_robust_list resumed>) = 0 [pid 4211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4211] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4209] <... futex resumed>) = 0 [pid 4211] <... futex resumed>) = 1 [pid 4211] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4210] <... sync resumed>) = 0 [pid 4210] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4209] exit_group(0) = ? [pid 4211] <... futex resumed>) = ? [pid 4211] +++ exited with 0 +++ [pid 4210] <... futex resumed>) = ? [pid 4210] +++ exited with 0 +++ [pid 4209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4209, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./192/binderfs") = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 70.697962][ T4210] loop0: detected capacity change from 0 to 64 [ 70.701308][ T3632] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 lstat("./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4212 ./strace-static-x86_64: Process 4212 attached [pid 4212] set_robust_list(0x5555563795e0, 24) = 0 [pid 4212] chdir("./193") = 0 [pid 4212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4212] setpgid(0, 0) = 0 [pid 4212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4212] write(3, "1000", 4) = 4 [pid 4212] close(3) = 0 [pid 4212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4212] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4212] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4212] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4213 attached , parent_tid=[4213], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4213 [pid 4213] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4212] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4213] memfd_create("syzkaller", 0 [pid 4212] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4213] <... memfd_create resumed>) = 3 [pid 4213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4213] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4213] close(3) = 0 [pid 4213] mkdir("./file0", 0777) = 0 [pid 4213] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4213] chdir("./file0") = 0 [pid 4213] ioctl(4, LOOP_CLR_FD) = 0 [pid 4213] close(4) = 0 [pid 4213] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4212] <... futex resumed>) = 0 [pid 4212] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4213] <... futex resumed>) = 1 [pid 4213] open(".", O_RDONLY) = 4 [pid 4213] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4212] <... futex resumed>) = 0 [pid 4212] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4213] <... futex resumed>) = 1 [pid 4213] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4213] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4212] <... futex resumed>) = 0 [pid 4212] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4212] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4212] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4214], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4214 [pid 4212] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4213] <... futex resumed>) = 1 [pid 4212] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4213] sync(./strace-static-x86_64: Process 4214 attached [pid 4214] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4213] <... sync resumed>) = 0 [pid 4214] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4213] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4214] <... futex resumed>) = 1 [pid 4212] <... futex resumed>) = 0 [pid 4214] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4212] exit_group(0) = ? [pid 4213] <... futex resumed>) = ? [pid 4213] +++ exited with 0 +++ [pid 4214] <... futex resumed>) = ? [pid 4214] +++ exited with 0 +++ [pid 4212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4212, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./193/binderfs") = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 70.793202][ T4213] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4215 ./strace-static-x86_64: Process 4215 attached [pid 4215] set_robust_list(0x5555563795e0, 24) = 0 [pid 4215] chdir("./194") = 0 [pid 4215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4215] setpgid(0, 0) = 0 [pid 4215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4215] write(3, "1000", 4) = 4 [pid 4215] close(3) = 0 [pid 4215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4215] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4215] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4215] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4216 attached [pid 4216] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4216] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4215] <... clone resumed>, parent_tid=[4216], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4216 [pid 4215] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4215] <... futex resumed>) = 1 [pid 4216] memfd_create("syzkaller", 0 [pid 4215] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4216] <... memfd_create resumed>) = 3 [pid 4216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4216] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4216] close(3) = 0 [pid 4216] mkdir("./file0", 0777) = 0 [pid 4216] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4216] chdir("./file0") = 0 [pid 4216] ioctl(4, LOOP_CLR_FD) = 0 [pid 4216] close(4) = 0 [pid 4216] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4215] <... futex resumed>) = 0 [pid 4215] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4215] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4216] <... futex resumed>) = 0 [pid 4216] open(".", O_RDONLY) = 4 [pid 4216] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4215] <... futex resumed>) = 0 [pid 4215] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4215] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4216] <... futex resumed>) = 1 [pid 4216] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4216] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4215] <... futex resumed>) = 0 [pid 4215] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4215] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4215] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4216] <... futex resumed>) = 1 [pid 4215] <... mprotect resumed>) = 0 [pid 4216] sync( [pid 4215] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4217 attached , parent_tid=[4217], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4217 [pid 4215] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4215] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4217] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4217] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4215] <... futex resumed>) = 0 [pid 4217] <... futex resumed>) = 1 [pid 4216] <... sync resumed>) = 0 [pid 4217] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 70.879695][ T4216] loop0: detected capacity change from 0 to 64 [pid 4215] exit_group(0 [pid 4217] <... futex resumed>) = ? [pid 4216] <... futex resumed>) = ? [pid 4215] <... exit_group resumed>) = ? [pid 4217] +++ exited with 0 +++ [pid 4216] +++ exited with 0 +++ [pid 4215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4215, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./194/binderfs") = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4218 ./strace-static-x86_64: Process 4218 attached [pid 4218] set_robust_list(0x5555563795e0, 24) = 0 [pid 4218] chdir("./195") = 0 [pid 4218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4218] setpgid(0, 0) = 0 [pid 4218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4218] write(3, "1000", 4) = 4 [pid 4218] close(3) = 0 [pid 4218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4218] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4218] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4218] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4219 attached , parent_tid=[4219], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4219 [pid 4218] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4218] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4219] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4219] memfd_create("syzkaller", 0) = 3 [pid 4219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4219] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4219] close(3) = 0 [pid 4219] mkdir("./file0", 0777) = 0 [pid 4219] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4219] chdir("./file0") = 0 [pid 4219] ioctl(4, LOOP_CLR_FD) = 0 [pid 4219] close(4) = 0 [pid 4219] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4218] <... futex resumed>) = 0 [pid 4218] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4218] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4219] open(".", O_RDONLY) = 4 [pid 4219] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4218] <... futex resumed>) = 0 [pid 4219] <... futex resumed>) = 1 [pid 4218] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4219] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4218] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4219] <... mkdirat resumed>) = 0 [pid 4219] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4218] <... futex resumed>) = 0 [pid 4219] sync( [pid 4218] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4218] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4218] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4218] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4220 attached , parent_tid=[4220], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4220 [pid 4220] set_robust_list(0x7fa6ebe889e0, 24 [pid 4218] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4220] <... set_robust_list resumed>) = 0 [pid 4218] <... futex resumed>) = 0 [pid 4220] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4218] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4220] <... openat resumed>) = 5 [pid 4220] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4218] <... futex resumed>) = 0 [pid 4220] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4219] <... sync resumed>) = 0 [pid 4219] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4219] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4218] exit_group(0 [pid 4220] <... futex resumed>) = ? [pid 4218] <... exit_group resumed>) = ? [pid 4219] <... futex resumed>) = ? [pid 4220] +++ exited with 0 +++ [pid 4219] +++ exited with 0 +++ [pid 4218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4218, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 70.986214][ T4219] loop0: detected capacity change from 0 to 64 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4221 ./strace-static-x86_64: Process 4221 attached [pid 4221] set_robust_list(0x5555563795e0, 24) = 0 [pid 4221] chdir("./196") = 0 [pid 4221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4221] setpgid(0, 0) = 0 [pid 4221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4221] write(3, "1000", 4) = 4 [pid 4221] close(3) = 0 [pid 4221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4221] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4221] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4221] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4222 attached , parent_tid=[4222], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4222 [pid 4221] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4222] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4222] memfd_create("syzkaller", 0) = 3 [pid 4222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4222] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4222] close(3) = 0 [pid 4222] mkdir("./file0", 0777) = 0 [pid 4222] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4222] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4222] chdir("./file0") = 0 [pid 4222] ioctl(4, LOOP_CLR_FD) = 0 [pid 4222] close(4) = 0 [pid 4222] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4222] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4221] <... futex resumed>) = 0 [pid 4221] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4222] <... futex resumed>) = 0 [pid 4222] open(".", O_RDONLY) = 4 [pid 4221] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4222] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4221] <... futex resumed>) = 0 [pid 4221] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4222] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4221] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4222] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4221] <... futex resumed>) = 0 [pid 4221] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4222] sync( [pid 4221] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4221] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4223], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4223 [pid 4221] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4221] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4223 attached [pid 4223] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4223] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4222] <... sync resumed>) = 0 [pid 4222] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4222] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4223] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4221] <... futex resumed>) = 0 [pid 4221] exit_group(0 [pid 4222] <... futex resumed>) = ? [pid 4221] <... exit_group resumed>) = ? [pid 4222] +++ exited with 0 +++ [pid 4223] <... futex resumed>) = ? [pid 4223] +++ exited with 0 +++ [pid 4221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4221, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./196/binderfs") = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 71.088902][ T4222] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4224 ./strace-static-x86_64: Process 4224 attached [pid 4224] set_robust_list(0x5555563795e0, 24) = 0 [pid 4224] chdir("./197") = 0 [pid 4224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4224] setpgid(0, 0) = 0 [pid 4224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4224] write(3, "1000", 4) = 4 [pid 4224] close(3) = 0 [pid 4224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4224] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4224] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4224] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4225 attached , parent_tid=[4225], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4225 [pid 4224] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4225] set_robust_list(0x7fa6ebea99e0, 24 [pid 4224] <... futex resumed>) = 0 [pid 4225] <... set_robust_list resumed>) = 0 [pid 4224] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4225] memfd_create("syzkaller", 0) = 3 [pid 4225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4225] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4225] close(3) = 0 [pid 4225] mkdir("./file0", 0777) = 0 [pid 4225] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4225] chdir("./file0") = 0 [pid 4225] ioctl(4, LOOP_CLR_FD) = 0 [pid 4225] close(4) = 0 [pid 4225] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4225] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4224] <... futex resumed>) = 0 [pid 4224] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4225] <... futex resumed>) = 0 [pid 4225] open(".", O_RDONLY) = 4 [pid 4224] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4225] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4225] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4224] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4225] <... futex resumed>) = 0 [pid 4224] <... futex resumed>) = 1 [pid 4225] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4224] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4225] <... mkdirat resumed>) = 0 [pid 4225] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4224] <... futex resumed>) = 0 [pid 4225] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4224] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4224] <... futex resumed>) = 0 [pid 4225] sync( [pid 4224] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4224] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4224] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4226], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4226 [pid 4224] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4224] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4226 attached [pid 4225] <... sync resumed>) = 0 [pid 4225] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4225] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4226] set_robust_list(0x7fa6ebe889e0, 24) = 0 [ 71.190529][ T4225] loop0: detected capacity change from 0 to 64 [pid 4226] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4226] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4224] <... futex resumed>) = 0 [pid 4226] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4224] exit_group(0 [pid 4225] <... futex resumed>) = ? [pid 4224] <... exit_group resumed>) = ? [pid 4225] +++ exited with 0 +++ [pid 4226] <... futex resumed>) = ? [pid 4226] +++ exited with 0 +++ [pid 4224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4224, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./197/binderfs") = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4227 ./strace-static-x86_64: Process 4227 attached [pid 4227] set_robust_list(0x5555563795e0, 24) = 0 [pid 4227] chdir("./198") = 0 [pid 4227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4227] setpgid(0, 0) = 0 [pid 4227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4227] write(3, "1000", 4) = 4 [pid 4227] close(3) = 0 [pid 4227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4227] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4227] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4227] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4228], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4228 [pid 4227] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4227] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4228 attached [pid 4228] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4228] memfd_create("syzkaller", 0) = 3 [pid 4228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4228] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4228] close(3) = 0 [pid 4228] mkdir("./file0", 0777) = 0 [pid 4228] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4228] chdir("./file0") = 0 [pid 4228] ioctl(4, LOOP_CLR_FD) = 0 [pid 4228] close(4) = 0 [pid 4228] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4227] <... futex resumed>) = 0 [pid 4228] open(".", O_RDONLY [pid 4227] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4228] <... open resumed>) = 4 [pid 4227] <... futex resumed>) = 0 [pid 4227] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4228] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4227] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4228] <... futex resumed>) = 0 [pid 4227] <... futex resumed>) = 0 [pid 4228] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4227] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4228] <... mkdirat resumed>) = 0 [pid 4228] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4227] <... futex resumed>) = 0 [pid 4227] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4228] sync( [pid 4227] <... futex resumed>) = 0 [pid 4227] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4227] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4227] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4229], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4229 [pid 4227] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4227] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4229 attached [pid 4229] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4229] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4228] <... sync resumed>) = 0 [pid 4228] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4229] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4227] <... futex resumed>) = 0 [pid 4227] exit_group(0) = ? [pid 4228] +++ exited with 0 +++ [pid 4229] +++ exited with 0 +++ [pid 4227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4227, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./198/binderfs") = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 71.347201][ T4228] loop0: detected capacity change from 0 to 64 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4230 ./strace-static-x86_64: Process 4230 attached [pid 4230] set_robust_list(0x5555563795e0, 24) = 0 [pid 4230] chdir("./199") = 0 [pid 4230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4230] setpgid(0, 0) = 0 [pid 4230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4230] write(3, "1000", 4) = 4 [pid 4230] close(3) = 0 [pid 4230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4230] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4230] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4230] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4231], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4231 [pid 4230] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4230] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4231 attached [pid 4231] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4231] memfd_create("syzkaller", 0) = 3 [pid 4231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4231] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4231] close(3) = 0 [pid 4231] mkdir("./file0", 0777) = 0 [pid 4231] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4231] chdir("./file0") = 0 [pid 4231] ioctl(4, LOOP_CLR_FD) = 0 [pid 4231] close(4) = 0 [pid 4231] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4230] <... futex resumed>) = 0 [pid 4230] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4230] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4231] open(".", O_RDONLY) = 4 [pid 4231] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4230] <... futex resumed>) = 0 [pid 4230] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4231] <... futex resumed>) = 1 [pid 4230] <... futex resumed>) = 0 [pid 4230] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4231] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4231] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4230] <... futex resumed>) = 0 [pid 4231] <... futex resumed>) = 1 [pid 4230] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4230] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4231] sync( [ 71.458417][ T4231] loop0: detected capacity change from 0 to 64 [pid 4230] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4230] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4232], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4232 [pid 4230] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4230] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4231] <... sync resumed>) = 0 [pid 4231] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4231] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4232 attached [pid 4232] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4232] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4232] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4230] <... futex resumed>) = 0 [pid 4230] exit_group(0) = ? [pid 4232] <... futex resumed>) = ? [pid 4232] +++ exited with 0 +++ [pid 4231] <... futex resumed>) = ? [pid 4231] +++ exited with 0 +++ [pid 4230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4230, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./199/binderfs") = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4233 ./strace-static-x86_64: Process 4233 attached [pid 4233] set_robust_list(0x5555563795e0, 24) = 0 [pid 4233] chdir("./200") = 0 [pid 4233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4233] setpgid(0, 0) = 0 [pid 4233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4233] write(3, "1000", 4) = 4 [pid 4233] close(3) = 0 [pid 4233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4233] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4233] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4233] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4234], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4234 [pid 4233] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4234 attached [pid 4234] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4234] memfd_create("syzkaller", 0) = 3 [pid 4234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4234] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4234] close(3) = 0 [pid 4234] mkdir("./file0", 0777) = 0 [pid 4234] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4234] chdir("./file0") = 0 [pid 4234] ioctl(4, LOOP_CLR_FD) = 0 [pid 4234] close(4) = 0 [pid 4234] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4233] <... futex resumed>) = 0 [pid 4233] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4234] open(".", O_RDONLY) = 4 [pid 4234] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4233] <... futex resumed>) = 0 [pid 4233] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4234] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4234] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4233] <... futex resumed>) = 0 [pid 4234] sync( [pid 4233] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4233] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4233] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4235], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4235 [ 71.601386][ T4234] loop0: detected capacity change from 0 to 64 [pid 4233] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4233] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4234] <... sync resumed>) = 0 [pid 4234] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4234] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4235 attached [pid 4235] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4235] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4235] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4233] <... futex resumed>) = 0 [pid 4233] exit_group(0 [pid 4234] <... futex resumed>) = ? [pid 4233] <... exit_group resumed>) = ? [pid 4234] +++ exited with 0 +++ [pid 4235] +++ exited with 0 +++ [pid 4233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4233, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./200/binderfs") = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4236 ./strace-static-x86_64: Process 4236 attached [pid 4236] set_robust_list(0x5555563795e0, 24) = 0 [pid 4236] chdir("./201") = 0 [pid 4236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4236] setpgid(0, 0) = 0 [pid 4236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4236] write(3, "1000", 4) = 4 [pid 4236] close(3) = 0 [pid 4236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4236] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4236] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4236] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4237], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4237 [pid 4236] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4237 attached [pid 4237] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4237] memfd_create("syzkaller", 0) = 3 [pid 4237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4237] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4237] close(3) = 0 [pid 4237] mkdir("./file0", 0777) = 0 [pid 4237] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4237] chdir("./file0") = 0 [pid 4237] ioctl(4, LOOP_CLR_FD) = 0 [pid 4237] close(4) = 0 [pid 4237] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4237] <... futex resumed>) = 1 [pid 4237] open(".", O_RDONLY) = 4 [pid 4237] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4237] <... futex resumed>) = 1 [pid 4237] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4237] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] <... futex resumed>) = 0 [pid 4236] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4236] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4236] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4238], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4238 [pid 4236] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4236] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4237] <... futex resumed>) = 1 [pid 4237] sync(./strace-static-x86_64: Process 4238 attached [pid 4238] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4238] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4238] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4236] <... futex resumed>) = 0 [pid 4238] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] <... sync resumed>) = 0 [pid 4237] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4236] exit_group(0 [pid 4237] <... futex resumed>) = ? [pid 4238] <... futex resumed>) = ? [pid 4236] <... exit_group resumed>) = ? [pid 4237] +++ exited with 0 +++ [pid 4238] +++ exited with 0 +++ [pid 4236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4236, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./201/binderfs") = 0 [ 71.737741][ T4237] loop0: detected capacity change from 0 to 64 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4239 ./strace-static-x86_64: Process 4239 attached [pid 4239] set_robust_list(0x5555563795e0, 24) = 0 [pid 4239] chdir("./202") = 0 [pid 4239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4239] setpgid(0, 0) = 0 [pid 4239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4239] write(3, "1000", 4) = 4 [pid 4239] close(3) = 0 [pid 4239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4239] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4239] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4239] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4240], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4240 [pid 4239] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4239] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4240 attached [pid 4240] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4240] memfd_create("syzkaller", 0) = 3 [pid 4240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4240] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4240] close(3) = 0 [pid 4240] mkdir("./file0", 0777) = 0 [pid 4240] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4240] chdir("./file0") = 0 [pid 4240] ioctl(4, LOOP_CLR_FD) = 0 [pid 4240] close(4) = 0 [pid 4240] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4239] <... futex resumed>) = 0 [pid 4239] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4239] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4240] open(".", O_RDONLY) = 4 [pid 4240] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4239] <... futex resumed>) = 0 [pid 4240] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4239] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4240] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4239] <... futex resumed>) = 0 [pid 4240] <... mkdirat resumed>) = 0 [pid 4240] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4239] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4240] <... futex resumed>) = 0 [pid 4240] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4239] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4240] <... futex resumed>) = 0 [pid 4239] <... futex resumed>) = 1 [pid 4240] sync( [pid 4239] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4239] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4239] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4241], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4241 [pid 4239] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4241 attached [pid 4240] <... sync resumed>) = 0 [pid 4239] <... futex resumed>) = 0 [pid 4240] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4239] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4240] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4241] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4241] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4241] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4241] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4239] <... futex resumed>) = 0 [pid 4239] exit_group(0) = ? [pid 4240] <... futex resumed>) = ? [pid 4240] +++ exited with 0 +++ [pid 4241] <... futex resumed>) = ? [pid 4241] +++ exited with 0 +++ [pid 4239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4239, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 71.843947][ T4240] loop0: detected capacity change from 0 to 64 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./202/binderfs") = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4242 ./strace-static-x86_64: Process 4242 attached [pid 4242] set_robust_list(0x5555563795e0, 24) = 0 [pid 4242] chdir("./203") = 0 [pid 4242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4242] setpgid(0, 0) = 0 [pid 4242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4242] write(3, "1000", 4) = 4 [pid 4242] close(3) = 0 [pid 4242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4242] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4242] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4242] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4243 attached , parent_tid=[4243], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4243 [pid 4243] set_robust_list(0x7fa6ebea99e0, 24 [pid 4242] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4243] <... set_robust_list resumed>) = 0 [pid 4242] <... futex resumed>) = 0 [pid 4242] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4243] memfd_create("syzkaller", 0) = 3 [pid 4243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4243] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4243] close(3) = 0 [pid 4243] mkdir("./file0", 0777) = 0 [pid 4243] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4243] chdir("./file0") = 0 [pid 4243] ioctl(4, LOOP_CLR_FD) = 0 [pid 4243] close(4) = 0 [pid 4243] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4243] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4242] <... futex resumed>) = 0 [pid 4242] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4242] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4243] <... futex resumed>) = 0 [pid 4243] open(".", O_RDONLY) = 4 [pid 4243] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4242] <... futex resumed>) = 0 [pid 4243] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4242] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4242] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4243] <... mkdirat resumed>) = 0 [pid 4243] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4242] <... futex resumed>) = 0 [pid 4243] sync( [pid 4242] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4242] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4242] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4242] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4244], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4244 [pid 4242] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4244 attached ) = 0 [pid 4244] set_robust_list(0x7fa6ebe889e0, 24 [pid 4242] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4244] <... set_robust_list resumed>) = 0 [pid 4244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4243] <... sync resumed>) = 0 [pid 4244] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4243] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4243] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4244] <... futex resumed>) = 1 [pid 4242] <... futex resumed>) = 0 [pid 4244] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4242] exit_group(0 [pid 4244] <... futex resumed>) = ? [pid 4242] <... exit_group resumed>) = ? [pid 4243] <... futex resumed>) = ? [pid 4243] +++ exited with 0 +++ [pid 4244] +++ exited with 0 +++ [pid 4242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4242, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 [ 71.948260][ T4243] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4245 ./strace-static-x86_64: Process 4245 attached [pid 4245] set_robust_list(0x5555563795e0, 24) = 0 [pid 4245] chdir("./204") = 0 [pid 4245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4245] setpgid(0, 0) = 0 [pid 4245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4245] write(3, "1000", 4) = 4 [pid 4245] close(3) = 0 [pid 4245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4245] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4245] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4245] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4246 attached , parent_tid=[4246], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4246 [pid 4246] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4246] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4245] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4246] <... futex resumed>) = 0 [pid 4245] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4246] memfd_create("syzkaller", 0) = 3 [pid 4246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4246] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4246] close(3) = 0 [pid 4246] mkdir("./file0", 0777) = 0 [pid 4246] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4246] chdir("./file0") = 0 [pid 4246] ioctl(4, LOOP_CLR_FD) = 0 [pid 4246] close(4) = 0 [pid 4246] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4245] <... futex resumed>) = 0 [pid 4246] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4245] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4245] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4246] open(".", O_RDONLY) = 4 [pid 4246] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4246] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4245] <... futex resumed>) = 0 [pid 4246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4245] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4245] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4246] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4246] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4245] <... futex resumed>) = 0 [pid 4246] sync( [pid 4245] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4245] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4245] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4245] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4247], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4247 [pid 4245] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4245] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4247 attached [pid 4247] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4247] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4246] <... sync resumed>) = 0 [pid 4246] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4246] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4247] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4245] <... futex resumed>) = 0 [pid 4245] exit_group(0) = ? [pid 4247] <... futex resumed>) = ? [pid 4247] +++ exited with 0 +++ [pid 4246] <... futex resumed>) = ? [pid 4246] +++ exited with 0 +++ [pid 4245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4245, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./204/binderfs") = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 72.041318][ T4246] loop0: detected capacity change from 0 to 64 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4248 ./strace-static-x86_64: Process 4248 attached [pid 4248] set_robust_list(0x5555563795e0, 24) = 0 [pid 4248] chdir("./205") = 0 [pid 4248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4248] setpgid(0, 0) = 0 [pid 4248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4248] write(3, "1000", 4) = 4 [pid 4248] close(3) = 0 [pid 4248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4248] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4248] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4248] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4249 attached , parent_tid=[4249], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4249 [pid 4249] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4249] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4248] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4249] <... futex resumed>) = 0 [pid 4248] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4249] memfd_create("syzkaller", 0) = 3 [pid 4249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4249] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4249] close(3) = 0 [pid 4249] mkdir("./file0", 0777) = 0 [pid 4249] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4249] chdir("./file0") = 0 [pid 4249] ioctl(4, LOOP_CLR_FD) = 0 [pid 4249] close(4) = 0 [pid 4249] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4248] <... futex resumed>) = 0 [pid 4248] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4249] open(".", O_RDONLY [pid 4248] <... futex resumed>) = 0 [pid 4249] <... open resumed>) = 4 [pid 4249] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4248] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4249] <... futex resumed>) = 0 [pid 4248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4249] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4248] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4248] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4249] <... mkdirat resumed>) = 0 [pid 4249] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4248] <... futex resumed>) = 0 [pid 4248] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4248] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4248] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4248] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4250], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4250 ./strace-static-x86_64: Process 4250 attached [pid 4248] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4250] set_robust_list(0x7fa6ebe889e0, 24 [pid 4248] <... futex resumed>) = 0 [pid 4250] <... set_robust_list resumed>) = 0 [pid 4248] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4250] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4249] sync( [pid 4250] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4248] <... futex resumed>) = 0 [pid 4250] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4249] <... sync resumed>) = 0 [pid 4249] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4248] exit_group(0 [pid 4250] <... futex resumed>) = ? [pid 4248] <... exit_group resumed>) = ? [pid 4250] +++ exited with 0 +++ [pid 4249] +++ exited with 0 +++ [pid 4248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4248, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./205/binderfs") = 0 [ 72.142863][ T4249] loop0: detected capacity change from 0 to 64 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4251 ./strace-static-x86_64: Process 4251 attached [pid 4251] set_robust_list(0x5555563795e0, 24) = 0 [pid 4251] chdir("./206") = 0 [pid 4251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4251] setpgid(0, 0) = 0 [pid 4251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4251] write(3, "1000", 4) = 4 [pid 4251] close(3) = 0 [pid 4251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4251] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4251] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4251] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4252 attached , parent_tid=[4252], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4252 [pid 4252] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4252] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4251] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4252] <... futex resumed>) = 0 [pid 4251] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4252] memfd_create("syzkaller", 0) = 3 [pid 4252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4252] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4252] close(3) = 0 [pid 4252] mkdir("./file0", 0777) = 0 [pid 4252] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4252] chdir("./file0") = 0 [pid 4252] ioctl(4, LOOP_CLR_FD) = 0 [pid 4252] close(4) = 0 [pid 4252] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4251] <... futex resumed>) = 0 [pid 4251] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4251] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4252] <... futex resumed>) = 1 [pid 4252] open(".", O_RDONLY) = 4 [pid 4252] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4251] <... futex resumed>) = 0 [pid 4251] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4251] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4252] <... futex resumed>) = 1 [pid 4252] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4252] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4251] <... futex resumed>) = 0 [pid 4251] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4251] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4251] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4251] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4253], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4253 [pid 4251] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4251] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4252] <... futex resumed>) = 1 [pid 4252] sync(./strace-static-x86_64: Process 4253 attached [pid 4253] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4253] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4253] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4251] <... futex resumed>) = 0 [pid 4253] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4252] <... sync resumed>) = 0 [pid 4252] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4252] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4251] exit_group(0) = ? [pid 4252] <... futex resumed>) = ? [pid 4252] +++ exited with 0 +++ [pid 4253] <... futex resumed>) = ? [pid 4253] +++ exited with 0 +++ [pid 4251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4251, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./206/binderfs") = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 72.243957][ T4252] loop0: detected capacity change from 0 to 64 rmdir("./206/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4254 attached [pid 4254] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 4254 [pid 4254] <... set_robust_list resumed>) = 0 [pid 4254] chdir("./207") = 0 [pid 4254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4254] setpgid(0, 0) = 0 [pid 4254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4254] write(3, "1000", 4) = 4 [pid 4254] close(3) = 0 [pid 4254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4254] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4254] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4254] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4255 attached , parent_tid=[4255], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4255 [pid 4255] set_robust_list(0x7fa6ebea99e0, 24 [pid 4254] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4255] <... set_robust_list resumed>) = 0 [pid 4254] <... futex resumed>) = 0 [pid 4254] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4255] memfd_create("syzkaller", 0) = 3 [pid 4255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4255] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4255] close(3) = 0 [pid 4255] mkdir("./file0", 0777) = 0 [pid 4255] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4255] chdir("./file0") = 0 [pid 4255] ioctl(4, LOOP_CLR_FD) = 0 [pid 4255] close(4) = 0 [pid 4255] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4254] <... futex resumed>) = 0 [pid 4255] <... futex resumed>) = 1 [pid 4254] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4255] open(".", O_RDONLY [pid 4254] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4255] <... open resumed>) = 4 [pid 4255] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4254] <... futex resumed>) = 0 [pid 4255] <... futex resumed>) = 1 [pid 4254] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4255] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4254] <... futex resumed>) = 0 [pid 4254] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4255] <... mkdirat resumed>) = 0 [pid 4255] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4254] <... futex resumed>) = 0 [pid 4255] <... futex resumed>) = 1 [pid 4254] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4255] sync( [pid 4254] <... futex resumed>) = 0 [pid 4254] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4254] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4254] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4256 attached , parent_tid=[4256], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4256 [pid 4254] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4256] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4254] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4256] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4256] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4254] <... futex resumed>) = 0 [pid 4256] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4255] <... sync resumed>) = 0 [pid 4255] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4255] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4254] exit_group(0 [pid 4256] <... futex resumed>) = ? [pid 4255] <... futex resumed>) = ? [pid 4254] <... exit_group resumed>) = ? [pid 4256] +++ exited with 0 +++ [pid 4255] +++ exited with 0 +++ [pid 4254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4254, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./207/binderfs") = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.331175][ T4255] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4257 attached , child_tidptr=0x5555563795d0) = 4257 [pid 4257] set_robust_list(0x5555563795e0, 24) = 0 [pid 4257] chdir("./208") = 0 [pid 4257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4257] setpgid(0, 0) = 0 [pid 4257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4257] write(3, "1000", 4) = 4 [pid 4257] close(3) = 0 [pid 4257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4257] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4257] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4257] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4258 attached [pid 4258] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4258] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4257] <... clone resumed>, parent_tid=[4258], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4258 [pid 4257] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4258] <... futex resumed>) = 0 [pid 4257] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4258] memfd_create("syzkaller", 0) = 3 [pid 4258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4258] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4258] close(3) = 0 [pid 4258] mkdir("./file0", 0777) = 0 [pid 4258] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4258] chdir("./file0") = 0 [pid 4258] ioctl(4, LOOP_CLR_FD) = 0 [pid 4258] close(4) = 0 [pid 4258] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4258] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4257] <... futex resumed>) = 0 [pid 4257] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4258] <... futex resumed>) = 0 [pid 4257] <... futex resumed>) = 1 [pid 4258] open(".", O_RDONLY [pid 4257] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4258] <... open resumed>) = 4 [pid 4258] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4257] <... futex resumed>) = 0 [pid 4258] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4257] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4257] <... futex resumed>) = 0 [pid 4258] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4257] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4258] <... mkdirat resumed>) = 0 [pid 4258] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4257] <... futex resumed>) = 0 [pid 4258] sync( [pid 4257] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4257] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4257] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4258] <... sync resumed>) = 0 [pid 4257] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4258] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4258] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4257] <... clone resumed>, parent_tid=[4259], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4259 [pid 4257] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4257] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4259 attached [pid 4259] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4259] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4259] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4257] <... futex resumed>) = 0 [pid 4257] exit_group(0 [pid 4258] <... futex resumed>) = ? [pid 4257] <... exit_group resumed>) = ? [pid 4258] +++ exited with 0 +++ [pid 4259] +++ exited with 0 +++ [pid 4257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4257, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./208/binderfs") = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 72.420625][ T4258] loop0: detected capacity change from 0 to 64 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4260 ./strace-static-x86_64: Process 4260 attached [pid 4260] set_robust_list(0x5555563795e0, 24) = 0 [pid 4260] chdir("./209") = 0 [pid 4260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4260] setpgid(0, 0) = 0 [pid 4260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4260] write(3, "1000", 4) = 4 [pid 4260] close(3) = 0 [pid 4260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4260] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4260] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4260] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4261 attached [pid 4261] set_robust_list(0x7fa6ebea99e0, 24 [pid 4260] <... clone resumed>, parent_tid=[4261], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4261 [pid 4261] <... set_robust_list resumed>) = 0 [pid 4260] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4260] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4261] memfd_create("syzkaller", 0) = 3 [pid 4261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4261] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4261] close(3) = 0 [pid 4261] mkdir("./file0", 0777) = 0 [pid 4261] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4261] chdir("./file0") = 0 [pid 4261] ioctl(4, LOOP_CLR_FD) = 0 [pid 4261] close(4) = 0 [pid 4261] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4260] <... futex resumed>) = 0 [pid 4261] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4260] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4261] <... futex resumed>) = 0 [pid 4260] <... futex resumed>) = 1 [pid 4261] open(".", O_RDONLY) = 4 [pid 4260] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4261] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4260] <... futex resumed>) = 0 [pid 4261] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4260] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4261] <... mkdirat resumed>) = 0 [pid 4260] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4261] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4260] <... futex resumed>) = 0 [pid 4261] sync( [pid 4260] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4260] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4260] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4260] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4261] <... sync resumed>) = 0 [pid 4261] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4261] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4262 attached [pid 4262] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4262] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4260] <... clone resumed>, parent_tid=[4262], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4262 [pid 4260] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4262] <... futex resumed>) = 0 [pid 4260] <... futex resumed>) = 1 [pid 4262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4260] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4262] <... openat resumed>) = 5 [pid 4262] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4260] <... futex resumed>) = 0 [pid 4262] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4260] exit_group(0 [pid 4261] <... futex resumed>) = ? [pid 4260] <... exit_group resumed>) = ? [pid 4261] +++ exited with 0 +++ [pid 4262] <... futex resumed>) = ? [pid 4262] +++ exited with 0 +++ [pid 4260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4260, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./209/binderfs") = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 72.518459][ T4261] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4263 ./strace-static-x86_64: Process 4263 attached [pid 4263] set_robust_list(0x5555563795e0, 24) = 0 [pid 4263] chdir("./210") = 0 [pid 4263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4263] setpgid(0, 0) = 0 [pid 4263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4263] write(3, "1000", 4) = 4 [pid 4263] close(3) = 0 [pid 4263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4263] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4263] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4263] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4264 attached , parent_tid=[4264], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4264 [pid 4264] set_robust_list(0x7fa6ebea99e0, 24 [pid 4263] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4263] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4264] <... set_robust_list resumed>) = 0 [pid 4264] memfd_create("syzkaller", 0) = 3 [pid 4264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4264] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4264] close(3) = 0 [pid 4264] mkdir("./file0", 0777) = 0 [pid 4264] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4264] chdir("./file0") = 0 [pid 4264] ioctl(4, LOOP_CLR_FD) = 0 [pid 4264] close(4) = 0 [pid 4264] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4264] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4263] <... futex resumed>) = 0 [pid 4263] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4264] <... futex resumed>) = 0 [pid 4263] <... futex resumed>) = 1 [pid 4264] open(".", O_RDONLY [pid 4263] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4264] <... open resumed>) = 4 [pid 4264] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4263] <... futex resumed>) = 0 [pid 4264] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4263] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4264] <... mkdirat resumed>) = 0 [pid 4263] <... futex resumed>) = 0 [pid 4264] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4263] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4264] <... futex resumed>) = 0 [pid 4263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4264] sync( [pid 4263] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4263] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4263] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4264] <... sync resumed>) = 0 [pid 4263] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4264] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4264] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4265 attached [pid 4263] <... clone resumed>, parent_tid=[4265], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4265 [pid 4265] set_robust_list(0x7fa6ebe889e0, 24 [pid 4263] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4265] <... set_robust_list resumed>) = 0 [pid 4263] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4265] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4263] <... futex resumed>) = 0 [pid 4265] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4263] exit_group(0 [pid 4264] <... futex resumed>) = ? [pid 4263] <... exit_group resumed>) = ? [pid 4264] +++ exited with 0 +++ [pid 4265] <... futex resumed>) = ? [pid 4265] +++ exited with 0 +++ [pid 4263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4263, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./210/binderfs") = 0 [ 72.597546][ T4264] loop0: detected capacity change from 0 to 64 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4266 ./strace-static-x86_64: Process 4266 attached [pid 4266] set_robust_list(0x5555563795e0, 24) = 0 [pid 4266] chdir("./211") = 0 [pid 4266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4266] setpgid(0, 0) = 0 [pid 4266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4266] write(3, "1000", 4) = 4 [pid 4266] close(3) = 0 [pid 4266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4266] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4266] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4266] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4267], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4267 [pid 4266] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4266] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4267 attached [pid 4267] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4267] memfd_create("syzkaller", 0) = 3 [pid 4267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4267] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4267] close(3) = 0 [pid 4267] mkdir("./file0", 0777) = 0 [pid 4267] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4267] chdir("./file0") = 0 [pid 4267] ioctl(4, LOOP_CLR_FD) = 0 [pid 4267] close(4) = 0 [pid 4267] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4266] <... futex resumed>) = 0 [pid 4267] <... futex resumed>) = 1 [pid 4266] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4266] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4267] open(".", O_RDONLY) = 4 [pid 4267] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4266] <... futex resumed>) = 0 [pid 4267] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4266] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4267] <... futex resumed>) = 0 [pid 4266] <... futex resumed>) = 1 [pid 4267] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4266] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4267] <... mkdirat resumed>) = 0 [pid 4267] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4266] <... futex resumed>) = 0 [pid 4267] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4266] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4267] <... futex resumed>) = 0 [pid 4266] <... futex resumed>) = 1 [pid 4267] sync( [pid 4266] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4266] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4266] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4268], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4268 ./strace-static-x86_64: Process 4268 attached [pid 4268] set_robust_list(0x7fa6ebe889e0, 24 [pid 4266] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4268] <... set_robust_list resumed>) = 0 [pid 4268] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4266] <... futex resumed>) = 0 [pid 4266] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4268] <... openat resumed>) = 5 [pid 4268] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4267] <... sync resumed>) = 0 [pid 4267] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4267] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4266] <... futex resumed>) = 0 [pid 4266] exit_group(0) = ? [pid 4267] <... futex resumed>) = ? [pid 4267] +++ exited with 0 +++ [pid 4268] <... futex resumed>) = ? [pid 4268] +++ exited with 0 +++ [pid 4266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4266, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./211/binderfs") = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.698776][ T4267] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4269 ./strace-static-x86_64: Process 4269 attached [pid 4269] set_robust_list(0x5555563795e0, 24) = 0 [pid 4269] chdir("./212") = 0 [pid 4269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4269] setpgid(0, 0) = 0 [pid 4269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4269] write(3, "1000", 4) = 4 [pid 4269] close(3) = 0 [pid 4269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4269] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4269] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4269] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4270], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4270 [pid 4269] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4270 attached [pid 4270] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4270] memfd_create("syzkaller", 0) = 3 [pid 4270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4270] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4270] close(3) = 0 [pid 4270] mkdir("./file0", 0777) = 0 [pid 4270] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4270] chdir("./file0") = 0 [pid 4270] ioctl(4, LOOP_CLR_FD) = 0 [pid 4270] close(4) = 0 [pid 4270] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4269] <... futex resumed>) = 0 [pid 4269] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4270] <... futex resumed>) = 1 [pid 4270] open(".", O_RDONLY) = 4 [pid 4270] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4269] <... futex resumed>) = 0 [pid 4269] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4270] <... futex resumed>) = 1 [pid 4270] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4270] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4269] <... futex resumed>) = 0 [pid 4269] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4269] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4269] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4271], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4271 [pid 4269] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4269] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4270] <... futex resumed>) = 1 [pid 4270] sync(./strace-static-x86_64: Process 4271 attached [pid 4271] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4271] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4271] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4269] <... futex resumed>) = 0 [pid 4271] <... futex resumed>) = 1 [pid 4271] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4270] <... sync resumed>) = 0 [pid 4270] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4270] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4269] exit_group(0) = ? [pid 4270] <... futex resumed>) = ? [pid 4270] +++ exited with 0 +++ [pid 4271] <... futex resumed>) = ? [pid 4271] +++ exited with 0 +++ [pid 4269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4269, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./212/binderfs") = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.771845][ T4270] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4272 ./strace-static-x86_64: Process 4272 attached [pid 4272] set_robust_list(0x5555563795e0, 24) = 0 [pid 4272] chdir("./213") = 0 [pid 4272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4272] setpgid(0, 0) = 0 [pid 4272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4272] write(3, "1000", 4) = 4 [pid 4272] close(3) = 0 [pid 4272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4272] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4272] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4272] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4273 attached , parent_tid=[4273], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4273 [pid 4273] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4273] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4272] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4273] <... futex resumed>) = 0 [pid 4272] <... futex resumed>) = 1 [pid 4272] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4273] memfd_create("syzkaller", 0) = 3 [pid 4273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4273] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4273] close(3) = 0 [pid 4273] mkdir("./file0", 0777) = 0 [pid 4273] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4273] chdir("./file0") = 0 [pid 4273] ioctl(4, LOOP_CLR_FD) = 0 [pid 4273] close(4) = 0 [pid 4273] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4272] <... futex resumed>) = 0 [pid 4272] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4272] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4273] open(".", O_RDONLY) = 4 [pid 4273] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4272] <... futex resumed>) = 0 [pid 4273] <... futex resumed>) = 1 [pid 4272] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4273] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4272] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4273] <... mkdirat resumed>) = 0 [pid 4273] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4272] <... futex resumed>) = 0 [pid 4272] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4272] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4273] sync( [pid 4272] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4272] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4272] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4274 attached , parent_tid=[4274], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4274 [pid 4274] set_robust_list(0x7fa6ebe889e0, 24 [pid 4272] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4274] <... set_robust_list resumed>) = 0 [pid 4272] <... futex resumed>) = 0 [pid 4274] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4272] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4274] <... openat resumed>) = 5 [pid 4274] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4272] <... futex resumed>) = 0 [pid 4274] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4273] <... sync resumed>) = 0 [pid 4273] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4273] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4272] exit_group(0) = ? [pid 4273] <... futex resumed>) = ? [pid 4274] <... futex resumed>) = ? [pid 4273] +++ exited with 0 +++ [pid 4274] +++ exited with 0 +++ [pid 4272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4272, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 72.864916][ T4273] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./213/binderfs") = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4275 attached , child_tidptr=0x5555563795d0) = 4275 [pid 4275] set_robust_list(0x5555563795e0, 24) = 0 [pid 4275] chdir("./214") = 0 [pid 4275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4275] setpgid(0, 0) = 0 [pid 4275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4275] write(3, "1000", 4) = 4 [pid 4275] close(3) = 0 [pid 4275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4275] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4275] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4275] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4276 attached [pid 4276] set_robust_list(0x7fa6ebea99e0, 24 [pid 4275] <... clone resumed>, parent_tid=[4276], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4276 [pid 4276] <... set_robust_list resumed>) = 0 [pid 4275] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4276] memfd_create("syzkaller", 0 [pid 4275] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4276] <... memfd_create resumed>) = 3 [pid 4276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4276] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4276] close(3) = 0 [pid 4276] mkdir("./file0", 0777) = 0 [pid 4276] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4276] chdir("./file0") = 0 [pid 4276] ioctl(4, LOOP_CLR_FD) = 0 [pid 4276] close(4) = 0 [pid 4276] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4275] <... futex resumed>) = 0 [pid 4275] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4275] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4276] <... futex resumed>) = 1 [pid 4276] open(".", O_RDONLY) = 4 [pid 4276] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4275] <... futex resumed>) = 0 [pid 4275] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4276] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4275] <... futex resumed>) = 0 [pid 4275] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4276] <... mkdirat resumed>) = 0 [pid 4276] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4275] <... futex resumed>) = 0 [pid 4275] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4276] sync( [pid 4275] <... futex resumed>) = 0 [pid 4275] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4275] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4275] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4277 attached [pid 4277] set_robust_list(0x7fa6ebe889e0, 24 [pid 4275] <... clone resumed>, parent_tid=[4277], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4277 [pid 4275] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4275] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4277] <... set_robust_list resumed>) = 0 [pid 4277] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4277] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4275] <... futex resumed>) = 0 [pid 4277] <... futex resumed>) = 1 [pid 4277] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4276] <... sync resumed>) = 0 [pid 4276] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4276] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4275] exit_group(0 [pid 4277] <... futex resumed>) = ? [pid 4276] <... futex resumed>) = ? [pid 4275] <... exit_group resumed>) = ? [pid 4277] +++ exited with 0 +++ [pid 4276] +++ exited with 0 +++ [pid 4275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4275, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./214/binderfs") = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.967103][ T4276] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4278 attached , child_tidptr=0x5555563795d0) = 4278 [pid 4278] set_robust_list(0x5555563795e0, 24) = 0 [pid 4278] chdir("./215") = 0 [pid 4278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4278] setpgid(0, 0) = 0 [pid 4278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4278] write(3, "1000", 4) = 4 [pid 4278] close(3) = 0 [pid 4278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4278] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4278] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4278] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4279 attached , parent_tid=[4279], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4279 [pid 4279] set_robust_list(0x7fa6ebea99e0, 24 [pid 4278] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4279] <... set_robust_list resumed>) = 0 [pid 4278] <... futex resumed>) = 0 [pid 4279] memfd_create("syzkaller", 0 [pid 4278] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4279] <... memfd_create resumed>) = 3 [pid 4279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4279] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4279] close(3) = 0 [pid 4279] mkdir("./file0", 0777) = 0 [pid 4279] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4279] chdir("./file0") = 0 [pid 4279] ioctl(4, LOOP_CLR_FD) = 0 [pid 4279] close(4) = 0 [pid 4279] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4278] <... futex resumed>) = 0 [pid 4279] <... futex resumed>) = 1 [pid 4278] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4278] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4279] open(".", O_RDONLY) = 4 [pid 4279] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4278] <... futex resumed>) = 0 [pid 4278] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4278] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4279] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4279] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4279] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4278] <... futex resumed>) = 0 [pid 4278] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4278] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4278] <... futex resumed>) = 0 [pid 4278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4278] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4279] sync( [pid 4278] <... mprotect resumed>) = 0 [pid 4278] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4280], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4280 [pid 4278] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4278] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4280 attached [pid 4280] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4280] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4280] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4278] <... futex resumed>) = 0 [pid 4280] <... futex resumed>) = 1 [pid 4280] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4279] <... sync resumed>) = 0 [pid 4279] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4278] exit_group(0) = ? [pid 4280] <... futex resumed>) = ? [pid 4280] +++ exited with 0 +++ [pid 4279] <... futex resumed>) = ? [pid 4279] +++ exited with 0 +++ [pid 4278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4278, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./215/binderfs") = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 73.050349][ T4279] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4281 attached , child_tidptr=0x5555563795d0) = 4281 [pid 4281] set_robust_list(0x5555563795e0, 24) = 0 [pid 4281] chdir("./216") = 0 [pid 4281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4281] setpgid(0, 0) = 0 [pid 4281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4281] write(3, "1000", 4) = 4 [pid 4281] close(3) = 0 [pid 4281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4281] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4281] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4281] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4282 attached [pid 4282] set_robust_list(0x7fa6ebea99e0, 24 [pid 4281] <... clone resumed>, parent_tid=[4282], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4282 [pid 4282] <... set_robust_list resumed>) = 0 [pid 4282] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4281] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4282] <... futex resumed>) = 0 [pid 4281] <... futex resumed>) = 1 [pid 4281] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4282] memfd_create("syzkaller", 0) = 3 [pid 4282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4282] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4282] close(3) = 0 [pid 4282] mkdir("./file0", 0777) = 0 [pid 4282] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4282] chdir("./file0") = 0 [pid 4282] ioctl(4, LOOP_CLR_FD) = 0 [pid 4282] close(4) = 0 [pid 4282] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] open(".", O_RDONLY) = 4 [pid 4282] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4282] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4281] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4281] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4283 attached , parent_tid=[4283], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4283 [pid 4281] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4283] set_robust_list(0x7fa6ebe889e0, 24 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] sync( [pid 4283] <... set_robust_list resumed>) = 0 [pid 4283] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4283] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4281] <... futex resumed>) = 0 [pid 4283] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4282] <... sync resumed>) = 0 [pid 4282] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4282] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4281] exit_group(0) = ? [pid 4282] <... futex resumed>) = ? [pid 4282] +++ exited with 0 +++ [pid 4283] <... futex resumed>) = ? [pid 4283] +++ exited with 0 +++ [pid 4281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4281, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./216/binderfs") = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.128871][ T4282] loop0: detected capacity change from 0 to 64 lstat("./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4284 ./strace-static-x86_64: Process 4284 attached [pid 4284] set_robust_list(0x5555563795e0, 24) = 0 [pid 4284] chdir("./217") = 0 [pid 4284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4284] setpgid(0, 0) = 0 [pid 4284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4284] write(3, "1000", 4) = 4 [pid 4284] close(3) = 0 [pid 4284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4284] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4284] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4284] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4285 attached , parent_tid=[4285], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4285 [pid 4285] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4285] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4284] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4285] <... futex resumed>) = 0 [pid 4284] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4285] memfd_create("syzkaller", 0) = 3 [pid 4285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4285] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4285] close(3) = 0 [pid 4285] mkdir("./file0", 0777) = 0 [pid 4285] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4285] chdir("./file0") = 0 [pid 4285] ioctl(4, LOOP_CLR_FD) = 0 [pid 4285] close(4) = 0 [pid 4285] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4284] <... futex resumed>) = 0 [pid 4284] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4285] open(".", O_RDONLY [pid 4284] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4285] <... open resumed>) = 4 [pid 4285] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4284] <... futex resumed>) = 0 [pid 4285] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4284] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4285] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4284] <... futex resumed>) = 0 [pid 4284] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4285] <... mkdirat resumed>) = 0 [pid 4285] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4284] <... futex resumed>) = 0 [pid 4285] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4284] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4284] <... futex resumed>) = 0 [pid 4285] sync( [pid 4284] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4284] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4284] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4285] <... sync resumed>) = 0 [pid 4285] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4284] <... clone resumed>, parent_tid=[4286], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4286 [pid 4285] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4284] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4286 attached ) = 0 [pid 4286] set_robust_list(0x7fa6ebe889e0, 24 [pid 4284] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4286] <... set_robust_list resumed>) = 0 [pid 4286] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4286] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4284] <... futex resumed>) = 0 [pid 4286] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4284] exit_group(0 [pid 4285] <... futex resumed>) = ? [pid 4284] <... exit_group resumed>) = ? [pid 4285] +++ exited with 0 +++ [pid 4286] <... futex resumed>) = ? [pid 4286] +++ exited with 0 +++ [pid 4284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4284, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./217/binderfs") = 0 [ 73.224387][ T4285] loop0: detected capacity change from 0 to 64 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4287 ./strace-static-x86_64: Process 4287 attached [pid 4287] set_robust_list(0x5555563795e0, 24) = 0 [pid 4287] chdir("./218") = 0 [pid 4287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4287] setpgid(0, 0) = 0 [pid 4287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4287] write(3, "1000", 4) = 4 [pid 4287] close(3) = 0 [pid 4287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4287] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4287] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4287] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4288 attached [pid 4288] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4288] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4287] <... clone resumed>, parent_tid=[4288], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4288 [pid 4287] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4288] <... futex resumed>) = 0 [pid 4287] <... futex resumed>) = 1 [pid 4288] memfd_create("syzkaller", 0 [pid 4287] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4288] <... memfd_create resumed>) = 3 [pid 4288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4288] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4288] close(3) = 0 [pid 4288] mkdir("./file0", 0777) = 0 [pid 4288] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4288] chdir("./file0") = 0 [pid 4288] ioctl(4, LOOP_CLR_FD) = 0 [pid 4288] close(4) = 0 [pid 4288] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4288] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4287] <... futex resumed>) = 0 [pid 4287] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4288] <... futex resumed>) = 0 [pid 4287] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4288] open(".", O_RDONLY) = 4 [pid 4288] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4288] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4287] <... futex resumed>) = 0 [pid 4287] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4287] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4288] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4288] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4288] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4287] <... futex resumed>) = 0 [pid 4287] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4287] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4287] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4287] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4288] sync( [pid 4287] <... mprotect resumed>) = 0 [pid 4287] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4289 attached [pid 4289] set_robust_list(0x7fa6ebe889e0, 24 [pid 4287] <... clone resumed>, parent_tid=[4289], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4289 [pid 4289] <... set_robust_list resumed>) = 0 [pid 4287] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4287] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4289] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4289] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4287] <... futex resumed>) = 0 [pid 4289] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4288] <... sync resumed>) = 0 [pid 4288] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4288] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4287] exit_group(0) = ? [pid 4288] <... futex resumed>) = ? [pid 4289] <... futex resumed>) = ? [pid 4289] +++ exited with 0 +++ [pid 4288] +++ exited with 0 +++ [pid 4287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4287, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./218/binderfs") = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4290 [ 73.319482][ T4288] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 4290 attached [pid 4290] set_robust_list(0x5555563795e0, 24) = 0 [pid 4290] chdir("./219") = 0 [pid 4290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4290] setpgid(0, 0) = 0 [pid 4290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4290] write(3, "1000", 4) = 4 [pid 4290] close(3) = 0 [pid 4290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4290] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4290] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4290] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4291 attached [pid 4291] set_robust_list(0x7fa6ebea99e0, 24 [pid 4290] <... clone resumed>, parent_tid=[4291], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4291 [pid 4290] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4290] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4291] <... set_robust_list resumed>) = 0 [pid 4291] memfd_create("syzkaller", 0) = 3 [pid 4291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4291] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4291] close(3) = 0 [pid 4291] mkdir("./file0", 0777) = 0 [pid 4291] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4291] chdir("./file0") = 0 [pid 4291] ioctl(4, LOOP_CLR_FD) = 0 [pid 4291] close(4) = 0 [pid 4291] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4290] <... futex resumed>) = 0 [pid 4290] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4290] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4291] <... futex resumed>) = 1 [pid 4291] open(".", O_RDONLY) = 4 [pid 4291] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4290] <... futex resumed>) = 0 [pid 4291] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4290] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4291] <... mkdirat resumed>) = 0 [pid 4290] <... futex resumed>) = 0 [pid 4291] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4290] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4291] <... futex resumed>) = 0 [pid 4290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4291] sync( [pid 4290] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4290] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4290] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4290] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4292 attached , parent_tid=[4292], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4292 [pid 4290] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4290] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4292] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4292] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4292] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4290] <... futex resumed>) = 0 [pid 4292] <... futex resumed>) = 1 [pid 4292] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4291] <... sync resumed>) = 0 [pid 4291] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4290] exit_group(0 [pid 4291] <... futex resumed>) = 0 [pid 4292] <... futex resumed>) = ? [pid 4290] <... exit_group resumed>) = ? [pid 4291] +++ exited with 0 +++ [pid 4292] +++ exited with 0 +++ [pid 4290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4290, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./219/binderfs") = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.402189][ T4291] loop0: detected capacity change from 0 to 64 lstat("./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4293 ./strace-static-x86_64: Process 4293 attached [pid 4293] set_robust_list(0x5555563795e0, 24) = 0 [pid 4293] chdir("./220") = 0 [pid 4293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4293] setpgid(0, 0) = 0 [pid 4293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4293] write(3, "1000", 4) = 4 [pid 4293] close(3) = 0 [pid 4293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4293] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4293] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4293] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4294], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4294 [pid 4293] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4293] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4294 attached [pid 4294] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4294] memfd_create("syzkaller", 0) = 3 [pid 4294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4294] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4294] close(3) = 0 [pid 4294] mkdir("./file0", 0777) = 0 [pid 4294] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4294] chdir("./file0") = 0 [pid 4294] ioctl(4, LOOP_CLR_FD) = 0 [pid 4294] close(4) = 0 [pid 4294] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4293] <... futex resumed>) = 0 [pid 4294] open(".", O_RDONLY [pid 4293] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4294] <... open resumed>) = 4 [pid 4293] <... futex resumed>) = 0 [pid 4294] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4293] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4294] <... futex resumed>) = 0 [pid 4293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4294] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4293] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4293] <... futex resumed>) = 0 [pid 4294] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4293] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4294] <... mkdirat resumed>) = 0 [pid 4294] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4293] <... futex resumed>) = 0 [pid 4294] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4293] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4293] <... futex resumed>) = 0 [pid 4294] sync( [pid 4293] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4293] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4293] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4295 attached [pid 4295] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4293] <... clone resumed>, parent_tid=[4295], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4295 [pid 4295] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4293] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4294] <... sync resumed>) = 0 [pid 4293] <... futex resumed>) = 0 [pid 4294] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4293] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4294] <... futex resumed>) = 0 [pid 4294] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4295] <... openat resumed>) = 5 [pid 4295] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4293] <... futex resumed>) = 0 [pid 4295] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4293] exit_group(0 [pid 4295] <... futex resumed>) = ? [pid 4294] <... futex resumed>) = ? [pid 4293] <... exit_group resumed>) = ? [pid 4295] +++ exited with 0 +++ [pid 4294] +++ exited with 0 +++ [pid 4293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4293, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./220/binderfs") = 0 [ 73.498489][ T4294] loop0: detected capacity change from 0 to 64 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4296 ./strace-static-x86_64: Process 4296 attached [pid 4296] set_robust_list(0x5555563795e0, 24) = 0 [pid 4296] chdir("./221") = 0 [pid 4296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4296] setpgid(0, 0) = 0 [pid 4296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4296] write(3, "1000", 4) = 4 [pid 4296] close(3) = 0 [pid 4296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4296] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4296] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4296] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4297 attached , parent_tid=[4297], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4297 [pid 4296] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4297] set_robust_list(0x7fa6ebea99e0, 24 [pid 4296] <... futex resumed>) = 0 [pid 4296] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4297] <... set_robust_list resumed>) = 0 [pid 4297] memfd_create("syzkaller", 0) = 3 [pid 4297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4297] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4297] close(3) = 0 [pid 4297] mkdir("./file0", 0777) = 0 [pid 4297] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4297] chdir("./file0") = 0 [pid 4297] ioctl(4, LOOP_CLR_FD) = 0 [pid 4297] close(4) = 0 [pid 4297] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4296] <... futex resumed>) = 0 [pid 4297] open(".", O_RDONLY [pid 4296] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4297] <... open resumed>) = 4 [pid 4296] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4297] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4296] <... futex resumed>) = 0 [pid 4297] <... futex resumed>) = 1 [pid 4296] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4297] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4296] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4297] <... mkdirat resumed>) = 0 [pid 4297] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4296] <... futex resumed>) = 0 [pid 4297] <... futex resumed>) = 1 [pid 4296] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4296] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4296] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4296] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4298], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4298 [pid 4296] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4296] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4297] sync(./strace-static-x86_64: Process 4298 attached [pid 4298] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4298] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4296] <... futex resumed>) = 0 [pid 4298] <... futex resumed>) = 1 [pid 4298] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4297] <... sync resumed>) = 0 [pid 4297] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4296] exit_group(0 [pid 4297] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4296] <... exit_group resumed>) = ? [pid 4298] <... futex resumed>) = ? [pid 4298] +++ exited with 0 +++ [pid 4297] <... futex resumed>) = ? [pid 4297] +++ exited with 0 +++ [pid 4296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4296, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./221/binderfs") = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 [ 73.594230][ T4297] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4299 ./strace-static-x86_64: Process 4299 attached [pid 4299] set_robust_list(0x5555563795e0, 24) = 0 [pid 4299] chdir("./222") = 0 [pid 4299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4299] setpgid(0, 0) = 0 [pid 4299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4299] write(3, "1000", 4) = 4 [pid 4299] close(3) = 0 [pid 4299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4299] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4299] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4299] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4300], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4300 [pid 4299] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4299] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4300 attached [pid 4300] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4300] memfd_create("syzkaller", 0) = 3 [pid 4300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4300] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4300] close(3) = 0 [pid 4300] mkdir("./file0", 0777) = 0 [pid 4300] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4300] chdir("./file0") = 0 [pid 4300] ioctl(4, LOOP_CLR_FD) = 0 [pid 4300] close(4) = 0 [pid 4300] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4299] <... futex resumed>) = 0 [pid 4300] <... futex resumed>) = 1 [pid 4299] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4299] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4300] open(".", O_RDONLY) = 4 [pid 4300] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4299] <... futex resumed>) = 0 [pid 4299] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4299] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4300] <... futex resumed>) = 1 [pid 4300] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4300] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4299] <... futex resumed>) = 0 [pid 4300] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4299] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4299] <... futex resumed>) = 0 [pid 4299] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4300] sync( [pid 4299] <... futex resumed>) = 0 [pid 4299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4299] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4299] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4301 attached , parent_tid=[4301], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4301 [pid 4301] set_robust_list(0x7fa6ebe889e0, 24 [pid 4299] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4301] <... set_robust_list resumed>) = 0 [pid 4299] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4301] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4301] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4299] <... futex resumed>) = 0 [pid 4301] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4300] <... sync resumed>) = 0 [pid 4300] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4300] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4299] exit_group(0) = ? [pid 4300] <... futex resumed>) = ? [pid 4301] <... futex resumed>) = ? [pid 4300] +++ exited with 0 +++ [pid 4301] +++ exited with 0 +++ [pid 4299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4299, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./222/binderfs") = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 73.680557][ T4300] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4302 ./strace-static-x86_64: Process 4302 attached [pid 4302] set_robust_list(0x5555563795e0, 24) = 0 [pid 4302] chdir("./223") = 0 [pid 4302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4302] setpgid(0, 0) = 0 [pid 4302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4302] write(3, "1000", 4) = 4 [pid 4302] close(3) = 0 [pid 4302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4302] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4302] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4302] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4303 attached , parent_tid=[4303], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4303 [pid 4303] set_robust_list(0x7fa6ebea99e0, 24 [pid 4302] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4303] <... set_robust_list resumed>) = 0 [pid 4302] <... futex resumed>) = 0 [pid 4302] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4303] memfd_create("syzkaller", 0) = 3 [pid 4303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4303] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4303] close(3) = 0 [pid 4303] mkdir("./file0", 0777) = 0 [pid 4303] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4303] chdir("./file0") = 0 [pid 4303] ioctl(4, LOOP_CLR_FD) = 0 [pid 4303] close(4) = 0 [pid 4303] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4302] <... futex resumed>) = 0 [pid 4303] <... futex resumed>) = 1 [pid 4302] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4303] open(".", O_RDONLY [pid 4302] <... futex resumed>) = 0 [pid 4303] <... open resumed>) = 4 [pid 4302] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4303] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4302] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4303] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4302] <... futex resumed>) = 0 [pid 4302] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4303] <... mkdirat resumed>) = 0 [pid 4303] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4302] <... futex resumed>) = 0 [pid 4303] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4302] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4302] <... futex resumed>) = 0 [pid 4303] sync( [pid 4302] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4302] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4302] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4304 attached [pid 4303] <... sync resumed>) = 0 [pid 4304] set_robust_list(0x7fa6ebe889e0, 24 [pid 4302] <... clone resumed>, parent_tid=[4304], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4304 [pid 4303] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... set_robust_list resumed>) = 0 [pid 4303] <... futex resumed>) = 0 [pid 4302] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4303] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4302] <... futex resumed>) = 0 [pid 4302] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... openat resumed>) = 5 [pid 4304] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4302] <... futex resumed>) = 0 [pid 4304] <... futex resumed>) = 1 [pid 4304] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4302] exit_group(0 [pid 4304] <... futex resumed>) = ? [pid 4303] <... futex resumed>) = ? [pid 4302] <... exit_group resumed>) = ? [pid 4303] +++ exited with 0 +++ [pid 4304] +++ exited with 0 +++ [pid 4302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4302, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./223/binderfs") = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 73.763668][ T4303] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4305 ./strace-static-x86_64: Process 4305 attached [pid 4305] set_robust_list(0x5555563795e0, 24) = 0 [pid 4305] chdir("./224") = 0 [pid 4305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4305] setpgid(0, 0) = 0 [pid 4305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4305] write(3, "1000", 4) = 4 [pid 4305] close(3) = 0 [pid 4305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4305] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4305] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4305] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4306], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4306 [pid 4305] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4306 attached [pid 4306] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4306] memfd_create("syzkaller", 0) = 3 [pid 4306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4306] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4306] close(3) = 0 [pid 4306] mkdir("./file0", 0777) = 0 [pid 4306] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4306] chdir("./file0") = 0 [pid 4306] ioctl(4, LOOP_CLR_FD) = 0 [pid 4306] close(4) = 0 [pid 4306] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4305] <... futex resumed>) = 0 [pid 4305] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4306] <... futex resumed>) = 1 [pid 4306] open(".", O_RDONLY) = 4 [pid 4306] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4305] <... futex resumed>) = 0 [pid 4305] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4306] <... futex resumed>) = 1 [pid 4306] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4306] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4305] <... futex resumed>) = 0 [pid 4305] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4305] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4305] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4307], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4307 [pid 4305] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4305] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4306] <... futex resumed>) = 1 [pid 4306] sync(./strace-static-x86_64: Process 4307 attached [pid 4307] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4307] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4306] <... sync resumed>) = 0 [pid 4306] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4306] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4307] <... openat resumed>) = 5 [pid 4307] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4305] <... futex resumed>) = 0 [pid 4305] exit_group(0 [pid 4307] ????( [pid 4305] <... exit_group resumed>) = ? [pid 4306] <... futex resumed>) = ? [pid 4306] +++ exited with 0 +++ [pid 4307] <... ???? resumed>) = ? [pid 4307] +++ exited with 0 +++ [pid 4305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4305, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./224/binderfs") = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 73.838447][ T4306] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4308 ./strace-static-x86_64: Process 4308 attached [pid 4308] set_robust_list(0x5555563795e0, 24) = 0 [pid 4308] chdir("./225") = 0 [pid 4308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4308] setpgid(0, 0) = 0 [pid 4308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4308] write(3, "1000", 4) = 4 [pid 4308] close(3) = 0 [pid 4308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4308] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4308] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4308] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4309 attached , parent_tid=[4309], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4309 [pid 4309] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4309] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4308] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4308] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4309] memfd_create("syzkaller", 0) = 3 [pid 4309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4309] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4309] close(3) = 0 [pid 4309] mkdir("./file0", 0777) = 0 [pid 4309] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4309] chdir("./file0") = 0 [pid 4309] ioctl(4, LOOP_CLR_FD) = 0 [pid 4309] close(4) = 0 [pid 4309] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4308] <... futex resumed>) = 0 [pid 4309] open(".", O_RDONLY [pid 4308] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4309] <... open resumed>) = 4 [pid 4308] <... futex resumed>) = 0 [pid 4309] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4308] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4309] <... futex resumed>) = 0 [pid 4308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4309] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4308] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4308] <... futex resumed>) = 0 [pid 4308] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4309] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4309] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4308] <... futex resumed>) = 0 [pid 4308] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4308] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4308] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4309] <... futex resumed>) = 1 [pid 4308] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4309] sync(./strace-static-x86_64: Process 4310 attached [pid 4308] <... clone resumed>, parent_tid=[4310], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4310 [pid 4308] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4308] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4310] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4310] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4310] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4308] <... futex resumed>) = 0 [pid 4309] <... sync resumed>) = 0 [pid 4309] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4309] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4310] <... futex resumed>) = 1 [pid 4310] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4308] exit_group(0 [pid 4310] <... futex resumed>) = ? [pid 4309] <... futex resumed>) = ? [pid 4308] <... exit_group resumed>) = ? [pid 4310] +++ exited with 0 +++ [pid 4309] +++ exited with 0 +++ [pid 4308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4308, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./225/binderfs") = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4311 ./strace-static-x86_64: Process 4311 attached [pid 4311] set_robust_list(0x5555563795e0, 24) = 0 [ 73.921806][ T4309] loop0: detected capacity change from 0 to 64 [pid 4311] chdir("./226") = 0 [pid 4311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4311] setpgid(0, 0) = 0 [pid 4311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4311] write(3, "1000", 4) = 4 [pid 4311] close(3) = 0 [pid 4311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4311] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4311] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4311] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4312 attached [pid 4312] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4312] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4311] <... clone resumed>, parent_tid=[4312], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4312 [pid 4311] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4312] <... futex resumed>) = 0 [pid 4311] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4312] memfd_create("syzkaller", 0) = 3 [pid 4312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4312] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4312] close(3) = 0 [pid 4312] mkdir("./file0", 0777) = 0 [pid 4312] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4312] chdir("./file0") = 0 [pid 4312] ioctl(4, LOOP_CLR_FD) = 0 [pid 4312] close(4) = 0 [pid 4312] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4312] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4311] <... futex resumed>) = 0 [pid 4311] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4311] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4312] <... futex resumed>) = 0 [pid 4312] open(".", O_RDONLY) = 4 [pid 4312] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4311] <... futex resumed>) = 0 [pid 4311] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4311] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4312] <... futex resumed>) = 1 [pid 4312] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4312] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4311] <... futex resumed>) = 0 [pid 4311] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4311] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4311] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4311] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4313], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4313 [pid 4311] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4311] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4312] <... futex resumed>) = 1 [pid 4312] sync() = 0 [pid 4312] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4312] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4313 attached [pid 4313] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4313] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4313] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4311] <... futex resumed>) = 0 [pid 4311] exit_group(0) = ? [pid 4312] <... futex resumed>) = ? [pid 4313] +++ exited with 0 +++ [pid 4312] +++ exited with 0 +++ [pid 4311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4311, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./226/binderfs") = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4314 ./strace-static-x86_64: Process 4314 attached [pid 4314] set_robust_list(0x5555563795e0, 24) = 0 [pid 4314] chdir("./227") = 0 [pid 4314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4314] setpgid(0, 0) = 0 [ 74.008295][ T4312] loop0: detected capacity change from 0 to 64 [pid 4314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4314] write(3, "1000", 4) = 4 [pid 4314] close(3) = 0 [pid 4314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4314] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4314] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4314] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4315], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4315 [pid 4314] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4315 attached [pid 4315] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4315] memfd_create("syzkaller", 0) = 3 [pid 4315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4315] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4315] close(3) = 0 [pid 4315] mkdir("./file0", 0777) = 0 [pid 4315] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4315] chdir("./file0") = 0 [pid 4315] ioctl(4, LOOP_CLR_FD) = 0 [pid 4315] close(4) = 0 [pid 4315] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4314] <... futex resumed>) = 0 [pid 4315] <... futex resumed>) = 1 [pid 4314] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4315] open(".", O_RDONLY) = 4 [pid 4315] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4314] <... futex resumed>) = 0 [pid 4315] <... futex resumed>) = 1 [pid 4314] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4315] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4315] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4314] <... futex resumed>) = 0 [pid 4315] <... futex resumed>) = 1 [pid 4314] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4315] sync( [pid 4314] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4314] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4316], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4316 [pid 4314] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4314] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4316 attached [pid 4316] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4316] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4316] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4314] <... futex resumed>) = 0 [pid 4316] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4315] <... sync resumed>) = 0 [pid 4315] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4315] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4314] exit_group(0) = ? [pid 4316] <... futex resumed>) = ? [pid 4316] +++ exited with 0 +++ [pid 4315] <... futex resumed>) = ? [pid 4315] +++ exited with 0 +++ [pid 4314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4314, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./227/binderfs") = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 74.081605][ T4315] loop0: detected capacity change from 0 to 64 rmdir("./227/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4317 attached [pid 4317] set_robust_list(0x5555563795e0, 24) = 0 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 4317 [pid 4317] chdir("./228") = 0 [pid 4317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4317] setpgid(0, 0) = 0 [pid 4317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4317] write(3, "1000", 4) = 4 [pid 4317] close(3) = 0 [pid 4317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4317] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4317] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4317] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4318], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4318 [pid 4317] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4318 attached [pid 4318] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4318] memfd_create("syzkaller", 0) = 3 [pid 4318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4318] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4318] close(3) = 0 [pid 4318] mkdir("./file0", 0777) = 0 [pid 4318] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4318] chdir("./file0") = 0 [pid 4318] ioctl(4, LOOP_CLR_FD) = 0 [pid 4318] close(4) = 0 [pid 4318] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4317] <... futex resumed>) = 0 [pid 4317] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4318] <... futex resumed>) = 1 [pid 4318] open(".", O_RDONLY) = 4 [pid 4318] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4317] <... futex resumed>) = 0 [pid 4317] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4318] <... futex resumed>) = 1 [pid 4318] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4318] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4317] <... futex resumed>) = 0 [pid 4317] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4317] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4317] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4319], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4319 [pid 4317] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4317] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4318] <... futex resumed>) = 1 [pid 4318] sync(./strace-static-x86_64: Process 4319 attached [pid 4319] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4319] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4319] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4317] <... futex resumed>) = 0 [pid 4319] <... futex resumed>) = 1 [pid 4319] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4318] <... sync resumed>) = 0 [pid 4318] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4318] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4317] exit_group(0 [pid 4319] <... futex resumed>) = ? [pid 4318] <... futex resumed>) = ? [pid 4317] <... exit_group resumed>) = ? [pid 4318] +++ exited with 0 +++ [pid 4319] +++ exited with 0 +++ [pid 4317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4317, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 74.166367][ T4318] loop0: detected capacity change from 0 to 64 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./228/binderfs") = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4320 ./strace-static-x86_64: Process 4320 attached [pid 4320] set_robust_list(0x5555563795e0, 24) = 0 [pid 4320] chdir("./229") = 0 [pid 4320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4320] setpgid(0, 0) = 0 [pid 4320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4320] write(3, "1000", 4) = 4 [pid 4320] close(3) = 0 [pid 4320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4320] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4320] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4320] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4321], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4321 [pid 4320] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4320] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4321 attached [pid 4321] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4321] memfd_create("syzkaller", 0) = 3 [pid 4321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4321] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4321] close(3) = 0 [pid 4321] mkdir("./file0", 0777) = 0 [pid 4321] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4321] chdir("./file0") = 0 [pid 4321] ioctl(4, LOOP_CLR_FD) = 0 [pid 4321] close(4) = 0 [pid 4321] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4320] <... futex resumed>) = 0 [pid 4321] <... futex resumed>) = 1 [pid 4320] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4320] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4321] open(".", O_RDONLY) = 4 [pid 4321] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4320] <... futex resumed>) = 0 [pid 4321] <... futex resumed>) = 1 [pid 4320] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4320] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4321] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4321] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4320] <... futex resumed>) = 0 [pid 4321] <... futex resumed>) = 1 [pid 4320] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4320] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4321] sync( [pid 4320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4320] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4320] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4322], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4322 [pid 4320] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4320] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4322 attached [pid 4322] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4322] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4322] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4320] <... futex resumed>) = 0 [pid 4321] <... sync resumed>) = 0 [pid 4321] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4321] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4322] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4320] exit_group(0) = ? [pid 4321] <... futex resumed>) = ? [pid 4321] +++ exited with 0 +++ [pid 4322] <... futex resumed>) = ? [pid 4322] +++ exited with 0 +++ [pid 4320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4320, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./229/binderfs") = 0 [ 74.256192][ T4321] loop0: detected capacity change from 0 to 64 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4323 ./strace-static-x86_64: Process 4323 attached [pid 4323] set_robust_list(0x5555563795e0, 24) = 0 [pid 4323] chdir("./230") = 0 [pid 4323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4323] setpgid(0, 0) = 0 [pid 4323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4323] write(3, "1000", 4) = 4 [pid 4323] close(3) = 0 [pid 4323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4323] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4323] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4323] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4324 attached , parent_tid=[4324], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4324 [pid 4324] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4324] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4323] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4324] <... futex resumed>) = 0 [pid 4323] <... futex resumed>) = 1 [pid 4323] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4324] memfd_create("syzkaller", 0) = 3 [pid 4324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4324] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4324] close(3) = 0 [pid 4324] mkdir("./file0", 0777) = 0 [pid 4324] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4324] chdir("./file0") = 0 [pid 4324] ioctl(4, LOOP_CLR_FD) = 0 [pid 4324] close(4) = 0 [pid 4324] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4323] <... futex resumed>) = 0 [pid 4323] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4324] <... futex resumed>) = 1 [pid 4324] open(".", O_RDONLY) = 4 [pid 4324] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4323] <... futex resumed>) = 0 [pid 4323] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4324] <... futex resumed>) = 1 [pid 4324] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4324] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4323] <... futex resumed>) = 0 [pid 4323] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4323] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4323] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4325], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4325 [pid 4323] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4324] <... futex resumed>) = 1 [pid 4324] sync(./strace-static-x86_64: Process 4325 attached [pid 4325] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4325] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4325] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4323] <... futex resumed>) = 0 [pid 4325] <... futex resumed>) = 1 [pid 4325] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4324] <... sync resumed>) = 0 [pid 4324] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4323] exit_group(0) = ? [pid 4325] <... futex resumed>) = ? [pid 4325] +++ exited with 0 +++ [pid 4324] +++ exited with 0 +++ [pid 4323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4323, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./230/binderfs") = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.351762][ T4324] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4326 ./strace-static-x86_64: Process 4326 attached [pid 4326] set_robust_list(0x5555563795e0, 24) = 0 [pid 4326] chdir("./231") = 0 [pid 4326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4326] setpgid(0, 0) = 0 [pid 4326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4326] write(3, "1000", 4) = 4 [pid 4326] close(3) = 0 [pid 4326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4326] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4326] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4326] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4327], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4327 [pid 4326] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4327 attached [pid 4327] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4327] memfd_create("syzkaller", 0) = 3 [pid 4327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4327] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4327] close(3) = 0 [pid 4327] mkdir("./file0", 0777) = 0 [pid 4327] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4327] chdir("./file0") = 0 [pid 4327] ioctl(4, LOOP_CLR_FD) = 0 [pid 4327] close(4) = 0 [pid 4327] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4326] <... futex resumed>) = 0 [pid 4326] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4327] open(".", O_RDONLY) = 4 [pid 4327] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4326] <... futex resumed>) = 0 [pid 4326] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4327] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4327] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4326] <... futex resumed>) = 0 [pid 4326] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4327] sync( [pid 4326] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4326] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4328 attached , parent_tid=[4328], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4328 [pid 4328] set_robust_list(0x7fa6ebe889e0, 24 [pid 4326] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4327] <... sync resumed>) = 0 [pid 4326] <... futex resumed>) = 0 [pid 4326] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4327] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4328] <... set_robust_list resumed>) = 0 [pid 4328] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4327] <... futex resumed>) = 0 [ 74.451251][ T4327] loop0: detected capacity change from 0 to 64 [pid 4327] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4328] <... openat resumed>) = 5 [pid 4328] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4326] <... futex resumed>) = 0 [pid 4328] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4326] exit_group(0 [pid 4328] <... futex resumed>) = ? [pid 4327] <... futex resumed>) = ? [pid 4326] <... exit_group resumed>) = ? [pid 4328] +++ exited with 0 +++ [pid 4327] +++ exited with 0 +++ [pid 4326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4326, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./231/binderfs") = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4329 ./strace-static-x86_64: Process 4329 attached [pid 4329] set_robust_list(0x5555563795e0, 24) = 0 [pid 4329] chdir("./232") = 0 [pid 4329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4329] setpgid(0, 0) = 0 [pid 4329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4329] write(3, "1000", 4) = 4 [pid 4329] close(3) = 0 [pid 4329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4329] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4329] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4329] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4330], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4330 [pid 4329] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4330 attached [pid 4330] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4330] memfd_create("syzkaller", 0) = 3 [pid 4330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4330] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4330] close(3) = 0 [pid 4330] mkdir("./file0", 0777) = 0 [pid 4330] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4330] chdir("./file0") = 0 [pid 4330] ioctl(4, LOOP_CLR_FD) = 0 [pid 4330] close(4) = 0 [pid 4330] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4329] <... futex resumed>) = 0 [pid 4329] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4330] open(".", O_RDONLY) = 4 [pid 4330] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4329] <... futex resumed>) = 0 [pid 4329] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4330] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4330] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4329] <... futex resumed>) = 0 [pid 4329] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4330] sync( [pid 4329] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4329] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4329] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4331], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4331 [pid 4329] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4329] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4331 attached [pid 4331] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4331] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4330] <... sync resumed>) = 0 [pid 4330] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4329] <... futex resumed>) = 0 [pid 4329] exit_group(0) = ? [pid 4331] <... futex resumed>) = ? [pid 4330] <... futex resumed>) = ? [pid 4331] +++ exited with 0 +++ [pid 4330] +++ exited with 0 +++ [pid 4329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4329, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./232/binderfs") = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.546980][ T4330] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4332 ./strace-static-x86_64: Process 4332 attached [pid 4332] set_robust_list(0x5555563795e0, 24) = 0 [pid 4332] chdir("./233") = 0 [pid 4332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4332] setpgid(0, 0) = 0 [pid 4332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4332] write(3, "1000", 4) = 4 [pid 4332] close(3) = 0 [pid 4332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4332] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4332] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4332] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4333 attached , parent_tid=[4333], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4333 [pid 4332] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4332] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4333] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4333] memfd_create("syzkaller", 0) = 3 [pid 4333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4333] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4333] close(3) = 0 [pid 4333] mkdir("./file0", 0777) = 0 [pid 4333] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4333] chdir("./file0") = 0 [pid 4333] ioctl(4, LOOP_CLR_FD) = 0 [pid 4333] close(4) = 0 [pid 4333] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4333] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4332] <... futex resumed>) = 0 [pid 4332] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4333] <... futex resumed>) = 0 [pid 4332] <... futex resumed>) = 1 [pid 4333] open(".", O_RDONLY [pid 4332] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4333] <... open resumed>) = 4 [pid 4333] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4332] <... futex resumed>) = 0 [pid 4332] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4333] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4332] <... futex resumed>) = 0 [pid 4332] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4333] <... mkdirat resumed>) = 0 [pid 4333] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4332] <... futex resumed>) = 0 [pid 4332] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4332] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4333] sync( [pid 4332] <... futex resumed>) = 0 [pid 4332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4332] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4332] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4334], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4334 ./strace-static-x86_64: Process 4334 attached [pid 4332] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4334] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4334] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4332] <... futex resumed>) = 0 [pid 4332] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4334] <... openat resumed>) = 5 [pid 4334] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4332] <... futex resumed>) = 0 [pid 4333] <... sync resumed>) = 0 [pid 4333] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4334] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4333] <... futex resumed>) = 0 [pid 4333] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4332] exit_group(0 [pid 4334] <... futex resumed>) = ? [pid 4333] <... futex resumed>) = ? [pid 4332] <... exit_group resumed>) = ? [pid 4334] +++ exited with 0 +++ [pid 4333] +++ exited with 0 +++ [pid 4332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.630872][ T4333] loop0: detected capacity change from 0 to 64 lstat("./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./233/binderfs") = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4335 attached [pid 4335] set_robust_list(0x5555563795e0, 24 [pid 3630] <... clone resumed>, child_tidptr=0x5555563795d0) = 4335 [pid 4335] <... set_robust_list resumed>) = 0 [pid 4335] chdir("./234") = 0 [pid 4335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4335] setpgid(0, 0) = 0 [pid 4335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4335] write(3, "1000", 4) = 4 [pid 4335] close(3) = 0 [pid 4335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4335] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4335] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4335] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4336 attached , parent_tid=[4336], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4336 [pid 4336] set_robust_list(0x7fa6ebea99e0, 24 [pid 4335] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4336] <... set_robust_list resumed>) = 0 [pid 4335] <... futex resumed>) = 0 [pid 4336] memfd_create("syzkaller", 0 [pid 4335] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4336] <... memfd_create resumed>) = 3 [pid 4336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4336] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4336] close(3) = 0 [pid 4336] mkdir("./file0", 0777) = 0 [pid 4336] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4336] chdir("./file0") = 0 [pid 4336] ioctl(4, LOOP_CLR_FD) = 0 [pid 4336] close(4) = 0 [pid 4336] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4335] <... futex resumed>) = 0 [pid 4335] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4336] open(".", O_RDONLY [pid 4335] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4336] <... open resumed>) = 4 [pid 4336] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4335] <... futex resumed>) = 0 [pid 4336] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4335] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4336] <... mkdirat resumed>) = 0 [pid 4335] <... futex resumed>) = 0 [pid 4336] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4335] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4336] <... futex resumed>) = 0 [pid 4335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4336] sync( [pid 4335] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4335] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4335] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4335] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4337], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4337 [pid 4335] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4335] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4337 attached [pid 4336] <... sync resumed>) = 0 [pid 4337] set_robust_list(0x7fa6ebe889e0, 24 [pid 4336] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4337] <... set_robust_list resumed>) = 0 [pid 4336] <... futex resumed>) = 0 [pid 4337] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4336] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4337] <... openat resumed>) = 5 [pid 4337] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4335] <... futex resumed>) = 0 [pid 4337] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4335] exit_group(0 [pid 4337] <... futex resumed>) = ? [pid 4336] <... futex resumed>) = ? [pid 4335] <... exit_group resumed>) = ? [pid 4336] +++ exited with 0 +++ [pid 4337] +++ exited with 0 +++ [pid 4335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./234/binderfs") = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 74.721137][ T4336] loop0: detected capacity change from 0 to 64 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4338 attached , child_tidptr=0x5555563795d0) = 4338 [pid 4338] set_robust_list(0x5555563795e0, 24) = 0 [pid 4338] chdir("./235") = 0 [pid 4338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4338] setpgid(0, 0) = 0 [pid 4338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4338] write(3, "1000", 4) = 4 [pid 4338] close(3) = 0 [pid 4338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4338] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4338] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4338] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4339], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4339 ./strace-static-x86_64: Process 4339 attached [pid 4339] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4339] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4338] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4339] <... futex resumed>) = 0 [pid 4338] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4339] memfd_create("syzkaller", 0) = 3 [pid 4339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4339] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4339] close(3) = 0 [pid 4339] mkdir("./file0", 0777) = 0 [pid 4339] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4339] chdir("./file0") = 0 [pid 4339] ioctl(4, LOOP_CLR_FD) = 0 [pid 4339] close(4) = 0 [pid 4339] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4338] <... futex resumed>) = 0 [pid 4338] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4338] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4339] <... futex resumed>) = 1 [pid 4339] open(".", O_RDONLY) = 4 [pid 4339] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4338] <... futex resumed>) = 0 [pid 4338] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4338] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4339] <... futex resumed>) = 1 [pid 4339] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4339] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4338] <... futex resumed>) = 0 [pid 4338] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4338] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4338] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4338] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4340 attached , parent_tid=[4340], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4340 [pid 4338] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4338] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4339] <... futex resumed>) = 1 [pid 4339] sync( [pid 4340] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4340] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4340] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4338] <... futex resumed>) = 0 [pid 4340] <... futex resumed>) = 1 [pid 4340] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4339] <... sync resumed>) = 0 [pid 4339] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4339] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4338] exit_group(0 [pid 4340] <... futex resumed>) = ? [pid 4338] <... exit_group resumed>) = ? [pid 4340] +++ exited with 0 +++ [pid 4339] <... futex resumed>) = ? [pid 4339] +++ exited with 0 +++ [pid 4338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4338, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./235/binderfs") = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.819948][ T4339] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4341 ./strace-static-x86_64: Process 4341 attached [pid 4341] set_robust_list(0x5555563795e0, 24) = 0 [pid 4341] chdir("./236") = 0 [pid 4341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4341] setpgid(0, 0) = 0 [pid 4341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4341] write(3, "1000", 4) = 4 [pid 4341] close(3) = 0 [pid 4341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4341] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4341] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4341] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4342 attached , parent_tid=[4342], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4342 [pid 4341] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4342] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4342] memfd_create("syzkaller", 0) = 3 [pid 4342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4342] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4342] close(3) = 0 [pid 4342] mkdir("./file0", 0777) = 0 [pid 4342] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4342] chdir("./file0") = 0 [pid 4342] ioctl(4, LOOP_CLR_FD) = 0 [pid 4342] close(4) = 0 [pid 4342] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4341] <... futex resumed>) = 0 [pid 4341] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4342] <... futex resumed>) = 1 [pid 4342] open(".", O_RDONLY) = 4 [pid 4342] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4341] <... futex resumed>) = 0 [pid 4341] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4342] <... futex resumed>) = 1 [pid 4342] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4342] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4341] <... futex resumed>) = 0 [pid 4341] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4341] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4341] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4343], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4343 [pid 4341] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4341] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4342] <... futex resumed>) = 1 [pid 4342] sync(./strace-static-x86_64: Process 4343 attached [pid 4343] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4342] <... sync resumed>) = 0 [pid 4342] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4342] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4343] <... openat resumed>) = 5 [pid 4343] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4341] <... futex resumed>) = 0 [pid 4341] exit_group(0) = ? [pid 4342] <... futex resumed>) = ? [pid 4342] +++ exited with 0 +++ [pid 4343] <... futex resumed>) = ? [pid 4343] +++ exited with 0 +++ [pid 4341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4341, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./236/binderfs") = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 74.909425][ T4342] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4344 ./strace-static-x86_64: Process 4344 attached [pid 4344] set_robust_list(0x5555563795e0, 24) = 0 [pid 4344] chdir("./237") = 0 [pid 4344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4344] setpgid(0, 0) = 0 [pid 4344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4344] write(3, "1000", 4) = 4 [pid 4344] close(3) = 0 [pid 4344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4344] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4344] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4344] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4345 attached , parent_tid=[4345], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4345 [pid 4345] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4345] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4344] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4345] <... futex resumed>) = 0 [pid 4345] memfd_create("syzkaller", 0 [pid 4344] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4345] <... memfd_create resumed>) = 3 [pid 4345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4345] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4345] close(3) = 0 [pid 4345] mkdir("./file0", 0777) = 0 [pid 4345] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4345] chdir("./file0") = 0 [pid 4345] ioctl(4, LOOP_CLR_FD) = 0 [pid 4345] close(4) = 0 [pid 4345] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4344] <... futex resumed>) = 0 [pid 4344] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4344] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4345] <... futex resumed>) = 1 [pid 4345] open(".", O_RDONLY) = 4 [pid 4345] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4344] <... futex resumed>) = 0 [pid 4344] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4344] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4345] <... futex resumed>) = 1 [pid 4345] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4345] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4344] <... futex resumed>) = 0 [pid 4344] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4344] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4344] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4344] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4346], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4346 [pid 4344] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4344] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4345] <... futex resumed>) = 1 [pid 4345] sync(./strace-static-x86_64: Process 4346 attached [pid 4346] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4346] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4345] <... sync resumed>) = 0 [pid 4345] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4345] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4346] <... futex resumed>) = 1 [pid 4344] <... futex resumed>) = 0 [pid 4344] exit_group(0) = ? [pid 4345] <... futex resumed>) = ? [pid 4345] +++ exited with 0 +++ [pid 4346] +++ exited with 0 +++ [pid 4344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4344, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./237/binderfs") = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 74.993784][ T4345] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4347 attached , child_tidptr=0x5555563795d0) = 4347 [pid 4347] set_robust_list(0x5555563795e0, 24) = 0 [pid 4347] chdir("./238") = 0 [pid 4347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4347] setpgid(0, 0) = 0 [pid 4347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4347] write(3, "1000", 4) = 4 [pid 4347] close(3) = 0 [pid 4347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4347] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4347] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4347] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4348], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4348 ./strace-static-x86_64: Process 4348 attached [pid 4347] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4348] set_robust_list(0x7fa6ebea99e0, 24 [pid 4347] <... futex resumed>) = 0 [pid 4347] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4348] <... set_robust_list resumed>) = 0 [pid 4348] memfd_create("syzkaller", 0) = 3 [pid 4348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4348] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4348] close(3) = 0 [pid 4348] mkdir("./file0", 0777) = 0 [pid 4348] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4348] chdir("./file0") = 0 [pid 4348] ioctl(4, LOOP_CLR_FD) = 0 [pid 4348] close(4) = 0 [pid 4348] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4347] <... futex resumed>) = 0 [pid 4347] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4348] <... futex resumed>) = 1 [pid 4348] open(".", O_RDONLY) = 4 [pid 4348] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4347] <... futex resumed>) = 0 [pid 4347] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4348] <... futex resumed>) = 1 [pid 4348] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4348] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4347] <... futex resumed>) = 0 [pid 4347] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4347] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4347] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4349], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4349 [pid 4347] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4348] <... futex resumed>) = 1 [pid 4348] sync(./strace-static-x86_64: Process 4349 attached [pid 4349] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4349] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4349] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4347] <... futex resumed>) = 0 [pid 4349] <... futex resumed>) = 1 [pid 4349] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4348] <... sync resumed>) = 0 [pid 4348] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4348] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4347] exit_group(0 [pid 4349] <... futex resumed>) = ? [pid 4348] <... futex resumed>) = ? [pid 4347] <... exit_group resumed>) = ? [pid 4349] +++ exited with 0 +++ [pid 4348] +++ exited with 0 +++ [pid 4347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4347, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./238/binderfs") = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 [ 75.080949][ T4348] loop0: detected capacity change from 0 to 64 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4350 ./strace-static-x86_64: Process 4350 attached [pid 4350] set_robust_list(0x5555563795e0, 24) = 0 [pid 4350] chdir("./239") = 0 [pid 4350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4350] setpgid(0, 0) = 0 [pid 4350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4350] write(3, "1000", 4) = 4 [pid 4350] close(3) = 0 [pid 4350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4350] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4350] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4350] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4351 attached [pid 4351] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4351] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4350] <... clone resumed>, parent_tid=[4351], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4351 [pid 4350] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4351] <... futex resumed>) = 0 [pid 4350] <... futex resumed>) = 1 [pid 4351] memfd_create("syzkaller", 0 [pid 4350] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4351] <... memfd_create resumed>) = 3 [pid 4351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4351] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4351] close(3) = 0 [pid 4351] mkdir("./file0", 0777) = 0 [pid 4351] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4351] chdir("./file0") = 0 [pid 4351] ioctl(4, LOOP_CLR_FD) = 0 [pid 4351] close(4) = 0 [pid 4351] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4350] <... futex resumed>) = 0 [pid 4351] open(".", O_RDONLY [pid 4350] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4351] <... open resumed>) = 4 [pid 4350] <... futex resumed>) = 0 [pid 4351] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4350] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4351] <... futex resumed>) = 0 [pid 4350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4351] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4350] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4351] <... mkdirat resumed>) = 0 [pid 4350] <... futex resumed>) = 0 [pid 4351] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4350] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4351] <... futex resumed>) = 0 [pid 4350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4351] sync( [pid 4350] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4350] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4350] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4350] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4352], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4352 [pid 4350] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4350] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4351] <... sync resumed>) = 0 [pid 4351] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4351] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4352 attached [pid 4352] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4352] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4352] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4350] <... futex resumed>) = 0 [pid 4350] exit_group(0 [pid 4352] <... futex resumed>) = 1 [pid 4351] <... futex resumed>) = ? [pid 4350] <... exit_group resumed>) = ? [pid 4351] +++ exited with 0 +++ [pid 4352] +++ exited with 0 +++ [pid 4350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4350, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./239/binderfs") = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.163015][ T4351] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4353 ./strace-static-x86_64: Process 4353 attached [pid 4353] set_robust_list(0x5555563795e0, 24) = 0 [pid 4353] chdir("./240") = 0 [pid 4353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4353] setpgid(0, 0) = 0 [pid 4353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4353] write(3, "1000", 4) = 4 [pid 4353] close(3) = 0 [pid 4353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4353] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4353] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4353] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4354 attached , parent_tid=[4354], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4354 [pid 4354] set_robust_list(0x7fa6ebea99e0, 24 [pid 4353] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4354] <... set_robust_list resumed>) = 0 [pid 4353] <... futex resumed>) = 0 [pid 4354] memfd_create("syzkaller", 0 [pid 4353] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4354] <... memfd_create resumed>) = 3 [pid 4354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4354] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4354] close(3) = 0 [pid 4354] mkdir("./file0", 0777) = 0 [pid 4354] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4354] chdir("./file0") = 0 [pid 4354] ioctl(4, LOOP_CLR_FD) = 0 [pid 4354] close(4) = 0 [pid 4354] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4353] <... futex resumed>) = 0 [pid 4354] open(".", O_RDONLY [pid 4353] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4354] <... open resumed>) = 4 [pid 4354] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4354] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 4353] <... futex resumed>) = 1 [pid 4354] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4353] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4353] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4354] <... futex resumed>) = 0 [pid 4353] <... futex resumed>) = 1 [pid 4354] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4353] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4354] <... mkdirat resumed>) = 0 [pid 4354] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4353] <... futex resumed>) = 0 [pid 4354] sync( [pid 4353] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4353] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4353] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4353] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4355 attached [pid 4354] <... sync resumed>) = 0 [pid 4355] set_robust_list(0x7fa6ebe889e0, 24 [pid 4353] <... clone resumed>, parent_tid=[4355], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4355 [pid 4355] <... set_robust_list resumed>) = 0 [pid 4353] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4355] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4354] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4353] <... futex resumed>) = 0 [pid 4353] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4355] <... openat resumed>) = 5 [pid 4354] <... futex resumed>) = 0 [pid 4355] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4354] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4353] <... futex resumed>) = 0 [pid 4355] <... futex resumed>) = 1 [pid 4355] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4353] exit_group(0 [pid 4355] <... futex resumed>) = ? [pid 4354] <... futex resumed>) = ? [pid 4353] <... exit_group resumed>) = ? [pid 4354] +++ exited with 0 +++ [pid 4355] +++ exited with 0 +++ [pid 4353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4353, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./240/binderfs") = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 [ 75.249180][ T4354] loop0: detected capacity change from 0 to 64 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4356 ./strace-static-x86_64: Process 4356 attached [pid 4356] set_robust_list(0x5555563795e0, 24) = 0 [pid 4356] chdir("./241") = 0 [pid 4356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4356] setpgid(0, 0) = 0 [pid 4356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4356] write(3, "1000", 4) = 4 [pid 4356] close(3) = 0 [pid 4356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4356] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4356] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4356] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4357 attached , parent_tid=[4357], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4357 [pid 4356] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4356] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4357] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4357] memfd_create("syzkaller", 0) = 3 [pid 4357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4357] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4357] close(3) = 0 [pid 4357] mkdir("./file0", 0777) = 0 [pid 4357] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4357] chdir("./file0") = 0 [pid 4357] ioctl(4, LOOP_CLR_FD) = 0 [pid 4357] close(4) = 0 [pid 4357] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4356] <... futex resumed>) = 0 [pid 4356] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4356] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4357] <... futex resumed>) = 1 [pid 4357] open(".", O_RDONLY) = 4 [pid 4357] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4356] <... futex resumed>) = 0 [pid 4356] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4356] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4357] <... futex resumed>) = 1 [pid 4357] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4357] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4356] <... futex resumed>) = 0 [pid 4356] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4357] <... futex resumed>) = 1 [pid 4356] <... futex resumed>) = 0 [pid 4357] sync( [pid 4356] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4356] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4356] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4358], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4358 [pid 4356] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4356] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4357] <... sync resumed>) = 0 [pid 4357] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4357] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4358 attached [pid 4358] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4358] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4358] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4356] <... futex resumed>) = 0 [pid 4358] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4356] exit_group(0 [pid 4358] <... futex resumed>) = ? [pid 4357] <... futex resumed>) = ? [pid 4356] <... exit_group resumed>) = ? [pid 4358] +++ exited with 0 +++ [pid 4357] +++ exited with 0 +++ [pid 4356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4356, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./241/binderfs") = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 [ 75.334254][ T4357] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4359 ./strace-static-x86_64: Process 4359 attached [pid 4359] set_robust_list(0x5555563795e0, 24) = 0 [pid 4359] chdir("./242") = 0 [pid 4359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4359] setpgid(0, 0) = 0 [pid 4359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4359] write(3, "1000", 4) = 4 [pid 4359] close(3) = 0 [pid 4359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4359] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4359] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4359] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4360 attached , parent_tid=[4360], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4360 [pid 4360] set_robust_list(0x7fa6ebea99e0, 24 [pid 4359] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4360] <... set_robust_list resumed>) = 0 [pid 4359] <... futex resumed>) = 0 [pid 4360] memfd_create("syzkaller", 0 [pid 4359] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4360] <... memfd_create resumed>) = 3 [pid 4360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4360] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4360] close(3) = 0 [pid 4360] mkdir("./file0", 0777) = 0 [pid 4360] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4360] chdir("./file0") = 0 [pid 4360] ioctl(4, LOOP_CLR_FD) = 0 [pid 4360] close(4) = 0 [pid 4360] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4359] <... futex resumed>) = 0 [pid 4360] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4359] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4359] <... futex resumed>) = 0 [pid 4360] open(".", O_RDONLY [pid 4359] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4360] <... open resumed>) = 4 [pid 4360] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4359] <... futex resumed>) = 0 [pid 4360] <... futex resumed>) = 1 [pid 4359] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4360] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4359] <... futex resumed>) = 0 [pid 4359] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4360] <... mkdirat resumed>) = 0 [pid 4360] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4359] <... futex resumed>) = 0 [pid 4360] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4359] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4359] <... futex resumed>) = 0 [pid 4360] sync( [pid 4359] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4359] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4359] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4361], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4361 [pid 4359] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4361 attached [pid 4359] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4361] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4361] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4360] <... sync resumed>) = 0 [pid 4360] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4360] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4361] <... openat resumed>) = 5 [pid 4361] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4359] <... futex resumed>) = 0 [pid 4361] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4359] exit_group(0) = ? [pid 4360] <... futex resumed>) = ? [pid 4360] +++ exited with 0 +++ [pid 4361] <... futex resumed>) = ? [pid 4361] +++ exited with 0 +++ [pid 4359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4359, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./242/binderfs") = 0 [ 75.420070][ T4360] loop0: detected capacity change from 0 to 64 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4362 ./strace-static-x86_64: Process 4362 attached [pid 4362] set_robust_list(0x5555563795e0, 24) = 0 [pid 4362] chdir("./243") = 0 [pid 4362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4362] setpgid(0, 0) = 0 [pid 4362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4362] write(3, "1000", 4) = 4 [pid 4362] close(3) = 0 [pid 4362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4362] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4362] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4362] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4363 attached , parent_tid=[4363], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4363 [pid 4363] set_robust_list(0x7fa6ebea99e0, 24 [pid 4362] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4363] <... set_robust_list resumed>) = 0 [pid 4362] <... futex resumed>) = 0 [pid 4362] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4363] memfd_create("syzkaller", 0) = 3 [pid 4363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4363] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4363] close(3) = 0 [pid 4363] mkdir("./file0", 0777) = 0 [pid 4363] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4363] chdir("./file0") = 0 [pid 4363] ioctl(4, LOOP_CLR_FD) = 0 [pid 4363] close(4) = 0 [pid 4363] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4363] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4362] <... futex resumed>) = 0 [pid 4362] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4362] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4363] <... futex resumed>) = 0 [pid 4363] open(".", O_RDONLY) = 4 [pid 4363] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4362] <... futex resumed>) = 0 [pid 4362] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4362] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4363] <... futex resumed>) = 1 [pid 4363] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4363] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4362] <... futex resumed>) = 0 [pid 4362] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4362] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4362] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4362] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4364], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4364 [pid 4362] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4362] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4363] <... futex resumed>) = 1 [pid 4363] sync(./strace-static-x86_64: Process 4364 attached [pid 4364] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4364] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4364] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4363] <... sync resumed>) = 0 [pid 4364] <... futex resumed>) = 1 [pid 4362] <... futex resumed>) = 0 [pid 4364] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4363] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4363] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4362] exit_group(0) = ? [pid 4363] <... futex resumed>) = ? [pid 4364] <... futex resumed>) = ? [pid 4363] +++ exited with 0 +++ [pid 4364] +++ exited with 0 +++ [pid 4362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4362, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./243/binderfs") = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.516406][ T4363] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4365 ./strace-static-x86_64: Process 4365 attached [pid 4365] set_robust_list(0x5555563795e0, 24) = 0 [pid 4365] chdir("./244") = 0 [pid 4365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4365] setpgid(0, 0) = 0 [pid 4365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4365] write(3, "1000", 4) = 4 [pid 4365] close(3) = 0 [pid 4365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4365] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4365] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4365] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4366 attached [pid 4366] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4365] <... clone resumed>, parent_tid=[4366], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4366 [pid 4366] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4365] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4365] <... futex resumed>) = 0 [pid 4365] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4366] memfd_create("syzkaller", 0) = 3 [pid 4366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4366] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4366] close(3) = 0 [pid 4366] mkdir("./file0", 0777) = 0 [pid 4366] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4366] chdir("./file0") = 0 [pid 4366] ioctl(4, LOOP_CLR_FD) = 0 [pid 4366] close(4) = 0 [pid 4366] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4365] <... futex resumed>) = 0 [pid 4366] open(".", O_RDONLY [pid 4365] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4365] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4366] <... open resumed>) = 4 [pid 4366] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4365] <... futex resumed>) = 0 [pid 4365] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4366] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4365] <... futex resumed>) = 0 [pid 4365] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4366] <... mkdirat resumed>) = 0 [pid 4366] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4366] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4365] <... futex resumed>) = 0 [pid 4365] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4366] <... futex resumed>) = 0 [pid 4366] sync( [pid 4365] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4365] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4365] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4367], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4367 ./strace-static-x86_64: Process 4367 attached [pid 4365] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4367] set_robust_list(0x7fa6ebe889e0, 24 [pid 4365] <... futex resumed>) = 0 [pid 4365] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4366] <... sync resumed>) = 0 [pid 4366] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4366] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4367] <... set_robust_list resumed>) = 0 [pid 4367] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4367] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4365] <... futex resumed>) = 0 [pid 4367] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4365] exit_group(0 [pid 4366] <... futex resumed>) = ? [pid 4365] <... exit_group resumed>) = ? [pid 4366] +++ exited with 0 +++ [pid 4367] <... futex resumed>) = ? [pid 4367] +++ exited with 0 +++ [pid 4365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4365, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./244/binderfs") = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 75.598940][ T4366] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4368 ./strace-static-x86_64: Process 4368 attached [pid 4368] set_robust_list(0x5555563795e0, 24) = 0 [pid 4368] chdir("./245") = 0 [pid 4368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4368] setpgid(0, 0) = 0 [pid 4368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4368] write(3, "1000", 4) = 4 [pid 4368] close(3) = 0 [pid 4368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4368] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4368] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4368] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4369], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4369 [pid 4368] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4369 attached [pid 4369] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4369] memfd_create("syzkaller", 0) = 3 [pid 4369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4369] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4369] close(3) = 0 [pid 4369] mkdir("./file0", 0777) = 0 [pid 4369] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4369] chdir("./file0") = 0 [pid 4369] ioctl(4, LOOP_CLR_FD) = 0 [pid 4369] close(4) = 0 [pid 4369] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4369] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4369] <... futex resumed>) = 0 [pid 4368] <... futex resumed>) = 1 [pid 4369] open(".", O_RDONLY [pid 4368] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... open resumed>) = 4 [pid 4369] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4369] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... mkdirat resumed>) = 0 [pid 4369] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4369] <... futex resumed>) = 1 [pid 4368] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4369] sync( [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4368] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4368] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4370 attached [pid 4370] set_robust_list(0x7fa6ebe889e0, 24 [pid 4369] <... sync resumed>) = 0 [pid 4368] <... clone resumed>, parent_tid=[4370], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4370 [pid 4370] <... set_robust_list resumed>) = 0 [pid 4368] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4370] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4368] <... futex resumed>) = 0 [pid 4370] <... openat resumed>) = 5 [pid 4369] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4370] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4369] <... futex resumed>) = 0 [pid 4370] <... futex resumed>) = 1 [pid 4369] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4368] <... futex resumed>) = 0 [pid 4370] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4368] exit_group(0 [pid 4370] <... futex resumed>) = ? [pid 4369] <... futex resumed>) = ? [pid 4368] <... exit_group resumed>) = ? [pid 4369] +++ exited with 0 +++ [pid 4370] +++ exited with 0 +++ [pid 4368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4368, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./245/binderfs") = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.682899][ T4369] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4371 ./strace-static-x86_64: Process 4371 attached [pid 4371] set_robust_list(0x5555563795e0, 24) = 0 [pid 4371] chdir("./246") = 0 [pid 4371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4371] setpgid(0, 0) = 0 [pid 4371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4371] write(3, "1000", 4) = 4 [pid 4371] close(3) = 0 [pid 4371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4371] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4371] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4371] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4372], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4372 [pid 4371] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4372 attached [pid 4372] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4372] memfd_create("syzkaller", 0) = 3 [pid 4372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4372] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4372] close(3) = 0 [pid 4372] mkdir("./file0", 0777) = 0 [pid 4372] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4372] chdir("./file0") = 0 [pid 4372] ioctl(4, LOOP_CLR_FD) = 0 [pid 4372] close(4) = 0 [pid 4372] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4371] <... futex resumed>) = 0 [pid 4371] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4372] open(".", O_RDONLY) = 4 [pid 4372] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4371] <... futex resumed>) = 0 [pid 4371] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4372] <... futex resumed>) = 1 [pid 4372] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4372] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4371] <... futex resumed>) = 0 [pid 4371] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4371] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4371] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4373], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4373 [pid 4371] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4371] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4373 attached [pid 4373] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4373] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4372] sync( [pid 4373] <... openat resumed>) = 5 [pid 4373] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4371] <... futex resumed>) = 0 [pid 4373] <... futex resumed>) = 1 [pid 4373] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4372] <... sync resumed>) = 0 [pid 4372] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4372] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4371] exit_group(0) = ? [pid 4373] <... futex resumed>) = ? [pid 4372] <... futex resumed>) = ? [pid 4373] +++ exited with 0 +++ [pid 4372] +++ exited with 0 +++ [pid 4371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4371, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./246/binderfs") = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 75.775309][ T4372] loop0: detected capacity change from 0 to 64 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4374 ./strace-static-x86_64: Process 4374 attached [pid 4374] set_robust_list(0x5555563795e0, 24) = 0 [pid 4374] chdir("./247") = 0 [pid 4374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4374] setpgid(0, 0) = 0 [pid 4374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4374] write(3, "1000", 4) = 4 [pid 4374] close(3) = 0 [pid 4374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4374] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4374] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4374] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4375], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4375 ./strace-static-x86_64: Process 4375 attached [pid 4375] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4375] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4374] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4375] <... futex resumed>) = 0 [pid 4375] memfd_create("syzkaller", 0) = 3 [pid 4374] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4375] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4375] close(3) = 0 [pid 4375] mkdir("./file0", 0777) = 0 [pid 4375] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4375] chdir("./file0") = 0 [pid 4375] ioctl(4, LOOP_CLR_FD) = 0 [pid 4375] close(4) = 0 [pid 4375] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4374] <... futex resumed>) = 0 [pid 4374] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4374] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4375] open(".", O_RDONLY) = 4 [pid 4375] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4374] <... futex resumed>) = 0 [pid 4374] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4374] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4375] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4375] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4374] <... futex resumed>) = 0 [pid 4374] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4374] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4375] sync( [pid 4374] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4374] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4374] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4376], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4376 [pid 4374] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4374] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4376 attached [pid 4376] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4376] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4376] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4374] <... futex resumed>) = 0 [pid 4376] <... futex resumed>) = 1 [pid 4376] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4375] <... sync resumed>) = 0 [pid 4375] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4374] exit_group(0) = ? [pid 4376] <... futex resumed>) = ? [pid 4376] +++ exited with 0 +++ [pid 4375] <... futex resumed>) = ? [pid 4375] +++ exited with 0 +++ [pid 4374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4374, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.875125][ T4375] loop0: detected capacity change from 0 to 64 lstat("./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./247/binderfs") = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4377 attached , child_tidptr=0x5555563795d0) = 4377 [pid 4377] set_robust_list(0x5555563795e0, 24) = 0 [pid 4377] chdir("./248") = 0 [pid 4377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4377] setpgid(0, 0) = 0 [pid 4377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4377] write(3, "1000", 4) = 4 [pid 4377] close(3) = 0 [pid 4377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4377] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4377] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4377] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4378 attached , parent_tid=[4378], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4378 [pid 4378] set_robust_list(0x7fa6ebea99e0, 24 [pid 4377] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4378] <... set_robust_list resumed>) = 0 [pid 4377] <... futex resumed>) = 0 [pid 4378] memfd_create("syzkaller", 0 [pid 4377] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4378] <... memfd_create resumed>) = 3 [pid 4378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4378] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4378] close(3) = 0 [pid 4378] mkdir("./file0", 0777) = 0 [pid 4378] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4378] chdir("./file0") = 0 [pid 4378] ioctl(4, LOOP_CLR_FD) = 0 [pid 4378] close(4) = 0 [pid 4378] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4377] <... futex resumed>) = 0 [pid 4378] open(".", O_RDONLY [pid 4377] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4378] <... open resumed>) = 4 [pid 4377] <... futex resumed>) = 0 [pid 4378] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4377] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4378] <... futex resumed>) = 0 [pid 4377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4378] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4377] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4378] <... mkdirat resumed>) = 0 [pid 4377] <... futex resumed>) = 0 [pid 4378] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4377] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4378] <... futex resumed>) = 0 [pid 4377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4378] sync( [pid 4377] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4377] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4377] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4377] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4379], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4379 [pid 4377] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4377] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4379 attached [pid 4379] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4379] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4378] <... sync resumed>) = 0 [pid 4378] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4378] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4379] <... openat resumed>) = 5 [pid 4379] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4377] <... futex resumed>) = 0 [pid 4377] exit_group(0 [pid 4378] <... futex resumed>) = ? [pid 4377] <... exit_group resumed>) = ? [pid 4378] +++ exited with 0 +++ [pid 4379] <... futex resumed>) = ? [pid 4379] +++ exited with 0 +++ [pid 4377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4377, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./248/binderfs") = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4380 [ 75.991864][ T4378] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 4380 attached [pid 4380] set_robust_list(0x5555563795e0, 24) = 0 [pid 4380] chdir("./249") = 0 [pid 4380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4380] setpgid(0, 0) = 0 [pid 4380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4380] write(3, "1000", 4) = 4 [pid 4380] close(3) = 0 [pid 4380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4380] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4380] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4380] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4381 attached , parent_tid=[4381], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4381 [pid 4381] set_robust_list(0x7fa6ebea99e0, 24 [pid 4380] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4380] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4381] <... set_robust_list resumed>) = 0 [pid 4381] memfd_create("syzkaller", 0) = 3 [pid 4381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4381] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4381] close(3) = 0 [pid 4381] mkdir("./file0", 0777) = 0 [pid 4381] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4381] chdir("./file0") = 0 [pid 4381] ioctl(4, LOOP_CLR_FD) = 0 [pid 4381] close(4) = 0 [pid 4381] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4381] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4380] <... futex resumed>) = 0 [pid 4380] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4381] <... futex resumed>) = 0 [pid 4380] <... futex resumed>) = 1 [pid 4381] open(".", O_RDONLY [pid 4380] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4381] <... open resumed>) = 4 [pid 4381] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4380] <... futex resumed>) = 0 [pid 4381] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4380] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4381] <... mkdirat resumed>) = 0 [pid 4380] <... futex resumed>) = 0 [pid 4380] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4381] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4380] <... futex resumed>) = 0 [pid 4381] sync( [pid 4380] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4380] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4380] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4380] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4382 attached [pid 4382] set_robust_list(0x7fa6ebe889e0, 24 [pid 4381] <... sync resumed>) = 0 [pid 4380] <... clone resumed>, parent_tid=[4382], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4382 [pid 4382] <... set_robust_list resumed>) = 0 [pid 4381] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4380] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4382] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4381] <... futex resumed>) = 0 [pid 4380] <... futex resumed>) = 0 [pid 4381] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4380] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4382] <... openat resumed>) = 5 [pid 4382] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4380] <... futex resumed>) = 0 [pid 4382] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4380] exit_group(0 [pid 4382] <... futex resumed>) = ? [pid 4381] <... futex resumed>) = ? [pid 4380] <... exit_group resumed>) = ? [pid 4382] +++ exited with 0 +++ [pid 4381] +++ exited with 0 +++ [pid 4380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4380, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./249/binderfs") = 0 [ 76.072423][ T4381] loop0: detected capacity change from 0 to 64 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4383 ./strace-static-x86_64: Process 4383 attached [pid 4383] set_robust_list(0x5555563795e0, 24) = 0 [pid 4383] chdir("./250") = 0 [pid 4383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4383] setpgid(0, 0) = 0 [pid 4383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4383] write(3, "1000", 4) = 4 [pid 4383] close(3) = 0 [pid 4383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4383] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4383] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4383] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4384 attached [pid 4384] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4384] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4383] <... clone resumed>, parent_tid=[4384], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4384 [pid 4383] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4384] <... futex resumed>) = 0 [pid 4383] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4384] memfd_create("syzkaller", 0) = 3 [pid 4384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4384] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4384] close(3) = 0 [pid 4384] mkdir("./file0", 0777) = 0 [pid 4384] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4384] chdir("./file0") = 0 [pid 4384] ioctl(4, LOOP_CLR_FD) = 0 [pid 4384] close(4) = 0 [pid 4384] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4383] <... futex resumed>) = 0 [pid 4383] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4383] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4384] open(".", O_RDONLY) = 4 [pid 4384] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4383] <... futex resumed>) = 0 [pid 4384] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4383] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4383] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4384] <... mkdirat resumed>) = 0 [pid 4384] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4383] <... futex resumed>) = 0 [pid 4384] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4383] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4383] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4384] sync( [pid 4383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4383] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4383] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4385 attached [pid 4385] set_robust_list(0x7fa6ebe889e0, 24 [pid 4383] <... clone resumed>, parent_tid=[4385], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4385 [pid 4383] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4383] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4385] <... set_robust_list resumed>) = 0 [pid 4385] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4384] <... sync resumed>) = 0 [pid 4384] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4384] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4385] <... openat resumed>) = 5 [pid 4385] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4383] <... futex resumed>) = 0 [pid 4385] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4383] exit_group(0 [pid 4385] <... futex resumed>) = ? [pid 4384] <... futex resumed>) = ? [pid 4383] <... exit_group resumed>) = ? [pid 4385] +++ exited with 0 +++ [pid 4384] +++ exited with 0 +++ [pid 4383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4383, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./250/binderfs") = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 76.171464][ T4384] loop0: detected capacity change from 0 to 64 rmdir("./250/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4386 ./strace-static-x86_64: Process 4386 attached [pid 4386] set_robust_list(0x5555563795e0, 24) = 0 [pid 4386] chdir("./251") = 0 [pid 4386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4386] setpgid(0, 0) = 0 [pid 4386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4386] write(3, "1000", 4) = 4 [pid 4386] close(3) = 0 [pid 4386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4386] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4386] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4386] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4387 attached , parent_tid=[4387], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4387 [pid 4386] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4386] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4387] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4387] memfd_create("syzkaller", 0) = 3 [pid 4387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4387] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4387] close(3) = 0 [pid 4387] mkdir("./file0", 0777) = 0 [pid 4387] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4387] chdir("./file0") = 0 [pid 4387] ioctl(4, LOOP_CLR_FD) = 0 [pid 4387] close(4) = 0 [pid 4387] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4386] <... futex resumed>) = 0 [pid 4387] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4386] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4386] <... futex resumed>) = 0 [pid 4387] open(".", O_RDONLY [pid 4386] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4387] <... open resumed>) = 4 [pid 4387] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4386] <... futex resumed>) = 0 [pid 4387] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4386] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4386] <... futex resumed>) = 0 [pid 4387] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4386] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4387] <... mkdirat resumed>) = 0 [pid 4387] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4386] <... futex resumed>) = 0 [pid 4387] sync( [pid 4386] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4386] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4386] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4386] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4387] <... sync resumed>) = 0 [pid 4387] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4386] <... clone resumed>, parent_tid=[4388], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4388 [pid 4387] <... futex resumed>) = 0 [pid 4386] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4387] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4386] <... futex resumed>) = 0 [pid 4386] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4388 attached [pid 4388] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4388] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4388] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4386] <... futex resumed>) = 0 [pid 4388] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4386] exit_group(0 [pid 4387] <... futex resumed>) = ? [pid 4388] <... futex resumed>) = ? [pid 4386] <... exit_group resumed>) = ? [pid 4387] +++ exited with 0 +++ [pid 4388] +++ exited with 0 +++ [pid 4386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4386, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./251/binderfs") = 0 [ 76.259555][ T4387] loop0: detected capacity change from 0 to 64 [ 76.271681][ T14] cfg80211: failed to load regulatory.db umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4389 ./strace-static-x86_64: Process 4389 attached [pid 4389] set_robust_list(0x5555563795e0, 24) = 0 [pid 4389] chdir("./252") = 0 [pid 4389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4389] setpgid(0, 0) = 0 [pid 4389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4389] write(3, "1000", 4) = 4 [pid 4389] close(3) = 0 [pid 4389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4389] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4389] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4389] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4390 attached , parent_tid=[4390], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4390 [pid 4389] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4390] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4390] memfd_create("syzkaller", 0) = 3 [pid 4390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4390] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4390] close(3) = 0 [pid 4390] mkdir("./file0", 0777) = 0 [pid 4390] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4390] chdir("./file0") = 0 [pid 4390] ioctl(4, LOOP_CLR_FD) = 0 [pid 4390] close(4) = 0 [pid 4390] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open(".", O_RDONLY) = 4 [pid 4390] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4390] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4389] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4389] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4391], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4391 [pid 4389] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] sync(./strace-static-x86_64: Process 4391 attached ) = 0 [pid 4391] set_robust_list(0x7fa6ebe889e0, 24 [pid 4390] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4391] <... set_robust_list resumed>) = 0 [pid 4390] <... futex resumed>) = 0 [pid 4391] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4390] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4391] <... openat resumed>) = 5 [pid 4391] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4389] <... futex resumed>) = 0 [pid 4389] exit_group(0) = ? [pid 4390] <... futex resumed>) = ? [pid 4390] +++ exited with 0 +++ [pid 4391] +++ exited with 0 +++ [pid 4389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4389, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./252/binderfs") = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 [ 76.368445][ T4390] loop0: detected capacity change from 0 to 64 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4392 ./strace-static-x86_64: Process 4392 attached [pid 4392] set_robust_list(0x5555563795e0, 24) = 0 [pid 4392] chdir("./253") = 0 [pid 4392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4392] setpgid(0, 0) = 0 [pid 4392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4392] write(3, "1000", 4) = 4 [pid 4392] close(3) = 0 [pid 4392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4392] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4392] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4392] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4393 attached [pid 4393] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4393] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4392] <... clone resumed>, parent_tid=[4393], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4393 [pid 4392] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4393] <... futex resumed>) = 0 [pid 4393] memfd_create("syzkaller", 0 [pid 4392] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4393] <... memfd_create resumed>) = 3 [pid 4393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4393] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4393] close(3) = 0 [pid 4393] mkdir("./file0", 0777) = 0 [pid 4393] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4393] chdir("./file0") = 0 [pid 4393] ioctl(4, LOOP_CLR_FD) = 0 [pid 4393] close(4) = 0 [pid 4393] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4392] <... futex resumed>) = 0 [pid 4393] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4392] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4392] <... futex resumed>) = 0 [pid 4393] open(".", O_RDONLY [pid 4392] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4393] <... open resumed>) = 4 [pid 4393] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4393] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4392] <... futex resumed>) = 0 [pid 4392] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4393] <... futex resumed>) = 0 [pid 4392] <... futex resumed>) = 1 [pid 4393] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4392] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4393] <... mkdirat resumed>) = 0 [pid 4393] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4392] <... futex resumed>) = 0 [pid 4393] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4392] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4392] <... futex resumed>) = 0 [pid 4393] sync( [pid 4392] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4392] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4392] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4394 attached , parent_tid=[4394], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4394 [pid 4394] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4394] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4392] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4394] <... futex resumed>) = 0 [pid 4392] <... futex resumed>) = 1 [pid 4392] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4394] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4393] <... sync resumed>) = 0 [pid 4393] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4393] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4394] <... openat resumed>) = 5 [pid 4394] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4392] <... futex resumed>) = 0 [pid 4394] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4392] exit_group(0 [pid 4394] <... futex resumed>) = ? [pid 4393] <... futex resumed>) = ? [pid 4392] <... exit_group resumed>) = ? [pid 4394] +++ exited with 0 +++ [pid 4393] +++ exited with 0 +++ [pid 4392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4392, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./253/binderfs") = 0 [ 76.458456][ T4393] loop0: detected capacity change from 0 to 64 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4395 ./strace-static-x86_64: Process 4395 attached [pid 4395] set_robust_list(0x5555563795e0, 24) = 0 [pid 4395] chdir("./254") = 0 [pid 4395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4395] setpgid(0, 0) = 0 [pid 4395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4395] write(3, "1000", 4) = 4 [pid 4395] close(3) = 0 [pid 4395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4395] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4395] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4395] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4396 attached , parent_tid=[4396], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4396 [pid 4396] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4396] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4395] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4396] <... futex resumed>) = 0 [pid 4396] memfd_create("syzkaller", 0 [pid 4395] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4396] <... memfd_create resumed>) = 3 [pid 4396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4396] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4396] close(3) = 0 [pid 4396] mkdir("./file0", 0777) = 0 [pid 4396] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4396] chdir("./file0") = 0 [pid 4396] ioctl(4, LOOP_CLR_FD) = 0 [pid 4396] close(4) = 0 [pid 4396] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4395] <... futex resumed>) = 0 [pid 4395] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4396] <... futex resumed>) = 1 [pid 4396] open(".", O_RDONLY) = 4 [pid 4396] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4395] <... futex resumed>) = 0 [pid 4395] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4396] <... futex resumed>) = 1 [pid 4396] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4396] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4395] <... futex resumed>) = 0 [pid 4395] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4395] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4395] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4397], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4397 [pid 4395] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4396] <... futex resumed>) = 1 [pid 4396] sync(./strace-static-x86_64: Process 4397 attached [pid 4397] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4397] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4397] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4395] <... futex resumed>) = 0 [pid 4397] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4396] <... sync resumed>) = 0 [pid 4396] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4395] exit_group(0) = ? [pid 4397] <... futex resumed>) = ? [pid 4396] +++ exited with 0 +++ [pid 4397] +++ exited with 0 +++ [pid 4395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4395, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./254/binderfs") = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 76.552412][ T4396] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4398 ./strace-static-x86_64: Process 4398 attached [pid 4398] set_robust_list(0x5555563795e0, 24) = 0 [pid 4398] chdir("./255") = 0 [pid 4398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4398] setpgid(0, 0) = 0 [pid 4398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4398] write(3, "1000", 4) = 4 [pid 4398] close(3) = 0 [pid 4398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4398] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4398] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4398] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4399 attached , parent_tid=[4399], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4399 [pid 4399] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4399] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4398] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4399] <... futex resumed>) = 0 [pid 4399] memfd_create("syzkaller", 0) = 3 [pid 4399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4398] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4399] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4399] close(3) = 0 [pid 4399] mkdir("./file0", 0777) = 0 [pid 4399] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4399] chdir("./file0") = 0 [pid 4399] ioctl(4, LOOP_CLR_FD) = 0 [pid 4399] close(4) = 0 [pid 4399] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4398] <... futex resumed>) = 0 [pid 4398] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4398] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4399] open(".", O_RDONLY) = 4 [pid 4399] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4398] <... futex resumed>) = 0 [pid 4399] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4398] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4398] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4399] <... mkdirat resumed>) = 0 [pid 4399] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4398] <... futex resumed>) = 0 [pid 4399] sync( [pid 4398] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4398] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4398] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4398] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4400 attached [pid 4400] set_robust_list(0x7fa6ebe889e0, 24 [pid 4398] <... clone resumed>, parent_tid=[4400], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4400 [pid 4400] <... set_robust_list resumed>) = 0 [pid 4398] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4400] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4398] <... futex resumed>) = 0 [pid 4398] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4400] <... openat resumed>) = 5 [pid 4400] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4400] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4398] <... futex resumed>) = 0 [pid 4399] <... sync resumed>) = 0 [pid 4399] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4399] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4398] exit_group(0 [pid 4400] <... futex resumed>) = ? [pid 4399] <... futex resumed>) = ? [pid 4398] <... exit_group resumed>) = ? [pid 4400] +++ exited with 0 +++ [pid 4399] +++ exited with 0 +++ [pid 4398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4398, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./255/binderfs") = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.639393][ T4399] loop0: detected capacity change from 0 to 64 lstat("./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4401 ./strace-static-x86_64: Process 4401 attached [pid 4401] set_robust_list(0x5555563795e0, 24) = 0 [pid 4401] chdir("./256") = 0 [pid 4401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4401] setpgid(0, 0) = 0 [pid 4401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4401] write(3, "1000", 4) = 4 [pid 4401] close(3) = 0 [pid 4401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4401] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4401] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4401] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4402], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4402 ./strace-static-x86_64: Process 4402 attached [pid 4402] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4402] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4401] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4402] <... futex resumed>) = 0 [pid 4402] memfd_create("syzkaller", 0 [pid 4401] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4402] <... memfd_create resumed>) = 3 [pid 4402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4402] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4402] close(3) = 0 [pid 4402] mkdir("./file0", 0777) = 0 [pid 4402] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4402] chdir("./file0") = 0 [pid 4402] ioctl(4, LOOP_CLR_FD) = 0 [pid 4402] close(4) = 0 [pid 4402] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4401] <... futex resumed>) = 0 [pid 4401] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4401] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4402] <... futex resumed>) = 1 [pid 4402] open(".", O_RDONLY) = 4 [pid 4402] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4401] <... futex resumed>) = 0 [pid 4401] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4401] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4402] <... futex resumed>) = 1 [pid 4402] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4402] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4401] <... futex resumed>) = 0 [pid 4401] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4401] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4402] <... futex resumed>) = 1 [pid 4401] <... futex resumed>) = 0 [pid 4402] sync( [pid 4401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4401] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4401] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4403], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4403 ./strace-static-x86_64: Process 4403 attached [pid 4401] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4403] set_robust_list(0x7fa6ebe889e0, 24 [pid 4401] <... futex resumed>) = 0 [pid 4401] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4403] <... set_robust_list resumed>) = 0 [pid 4403] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4403] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4401] <... futex resumed>) = 0 [pid 4403] <... futex resumed>) = 1 [pid 4403] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4402] <... sync resumed>) = 0 [pid 4402] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4402] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4401] exit_group(0 [pid 4403] <... futex resumed>) = ? [pid 4402] <... futex resumed>) = ? [pid 4401] <... exit_group resumed>) = ? [pid 4403] +++ exited with 0 +++ [pid 4402] +++ exited with 0 +++ [pid 4401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4401, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./256/binderfs") = 0 [ 76.734477][ T4402] loop0: detected capacity change from 0 to 64 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4404 ./strace-static-x86_64: Process 4404 attached [pid 4404] set_robust_list(0x5555563795e0, 24) = 0 [pid 4404] chdir("./257") = 0 [pid 4404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4404] setpgid(0, 0) = 0 [pid 4404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4404] write(3, "1000", 4) = 4 [pid 4404] close(3) = 0 [pid 4404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4404] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4404] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4404] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4405 attached , parent_tid=[4405], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4405 [pid 4404] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4404] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4405] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4405] memfd_create("syzkaller", 0) = 3 [pid 4405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4405] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4405] close(3) = 0 [pid 4405] mkdir("./file0", 0777) = 0 [pid 4405] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4405] chdir("./file0") = 0 [pid 4405] ioctl(4, LOOP_CLR_FD) = 0 [pid 4405] close(4) = 0 [pid 4405] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4404] <... futex resumed>) = 0 [pid 4404] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4404] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4405] open(".", O_RDONLY) = 4 [pid 4405] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4404] <... futex resumed>) = 0 [pid 4404] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4404] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4405] <... futex resumed>) = 1 [pid 4405] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4405] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4404] <... futex resumed>) = 0 [pid 4405] <... futex resumed>) = 1 [pid 4404] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4405] sync( [pid 4404] <... futex resumed>) = 0 [pid 4404] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4404] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4404] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4406 attached , parent_tid=[4406], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4406 [pid 4406] set_robust_list(0x7fa6ebe889e0, 24 [pid 4404] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4406] <... set_robust_list resumed>) = 0 [pid 4404] <... futex resumed>) = 0 [pid 4406] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4404] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4405] <... sync resumed>) = 0 [pid 4405] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4406] <... openat resumed>) = 5 [pid 4406] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4405] <... futex resumed>) = 0 [pid 4404] <... futex resumed>) = 0 [pid 4406] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4405] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4404] exit_group(0 [pid 4406] <... futex resumed>) = ? [pid 4405] <... futex resumed>) = ? [pid 4404] <... exit_group resumed>) = ? [pid 4406] +++ exited with 0 +++ [pid 4405] +++ exited with 0 +++ [pid 4404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4404, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./257/binderfs") = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 76.829150][ T4405] loop0: detected capacity change from 0 to 64 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4407 ./strace-static-x86_64: Process 4407 attached [pid 4407] set_robust_list(0x5555563795e0, 24) = 0 [pid 4407] chdir("./258") = 0 [pid 4407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4407] setpgid(0, 0) = 0 [pid 4407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4407] write(3, "1000", 4) = 4 [pid 4407] close(3) = 0 [pid 4407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4407] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4407] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4407] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4408 attached , parent_tid=[4408], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4408 [pid 4408] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4408] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4407] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4408] <... futex resumed>) = 0 [pid 4407] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4408] memfd_create("syzkaller", 0) = 3 [pid 4408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4408] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4408] close(3) = 0 [pid 4408] mkdir("./file0", 0777) = 0 [pid 4408] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4408] chdir("./file0") = 0 [pid 4408] ioctl(4, LOOP_CLR_FD) = 0 [pid 4408] close(4) = 0 [pid 4408] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4407] <... futex resumed>) = 0 [pid 4407] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4407] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4408] <... futex resumed>) = 1 [pid 4408] open(".", O_RDONLY) = 4 [pid 4408] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4407] <... futex resumed>) = 0 [pid 4407] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4407] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4408] <... futex resumed>) = 1 [pid 4408] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4408] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4407] <... futex resumed>) = 0 [pid 4407] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4407] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4407] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4407] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4409], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4409 [pid 4407] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4407] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4408] <... futex resumed>) = 1 [pid 4408] sync() = 0 [pid 4408] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4408] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4409 attached [pid 4409] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4409] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4409] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4407] <... futex resumed>) = 0 [pid 4407] exit_group(0 [pid 4409] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4408] <... futex resumed>) = ? [pid 4407] <... exit_group resumed>) = ? [pid 4408] +++ exited with 0 +++ [pid 4409] <... futex resumed>) = ? [pid 4409] +++ exited with 0 +++ [pid 4407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4407, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./258/binderfs") = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 76.932574][ T4408] loop0: detected capacity change from 0 to 64 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4410 ./strace-static-x86_64: Process 4410 attached [pid 4410] set_robust_list(0x5555563795e0, 24) = 0 [pid 4410] chdir("./259") = 0 [pid 4410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4410] setpgid(0, 0) = 0 [pid 4410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4410] write(3, "1000", 4) = 4 [pid 4410] close(3) = 0 [pid 4410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4410] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4410] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4410] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4411 attached [pid 4411] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4411] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4410] <... clone resumed>, parent_tid=[4411], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4411 [pid 4410] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4411] <... futex resumed>) = 0 [pid 4410] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4411] memfd_create("syzkaller", 0) = 3 [pid 4411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4411] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4411] close(3) = 0 [pid 4411] mkdir("./file0", 0777) = 0 [pid 4411] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4411] chdir("./file0") = 0 [pid 4411] ioctl(4, LOOP_CLR_FD) = 0 [pid 4411] close(4) = 0 [pid 4411] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open(".", O_RDONLY) = 4 [pid 4411] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4411] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4410] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4410] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4412], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4412 [pid 4410] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] sync() = 0 ./strace-static-x86_64: Process 4412 attached [pid 4411] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4411] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4412] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4412] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4412] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] exit_group(0) = ? [pid 4411] <... futex resumed>) = ? [pid 4411] +++ exited with 0 +++ [pid 4412] <... futex resumed>) = ? [pid 4412] +++ exited with 0 +++ [pid 4410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4410, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./259/binderfs") = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 [ 77.021224][ T4411] loop0: detected capacity change from 0 to 64 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4413 ./strace-static-x86_64: Process 4413 attached [pid 4413] set_robust_list(0x5555563795e0, 24) = 0 [pid 4413] chdir("./260") = 0 [pid 4413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4413] setpgid(0, 0) = 0 [pid 4413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4413] write(3, "1000", 4) = 4 [pid 4413] close(3) = 0 [pid 4413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4413] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4413] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4413] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4414 attached , parent_tid=[4414], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4414 [pid 4414] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4413] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4414] memfd_create("syzkaller", 0) = 3 [pid 4414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4414] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4414] close(3) = 0 [pid 4414] mkdir("./file0", 0777) = 0 [pid 4414] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4414] chdir("./file0") = 0 [pid 4414] ioctl(4, LOOP_CLR_FD) = 0 [pid 4414] close(4) = 0 [pid 4414] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4413] <... futex resumed>) = 0 [pid 4413] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4414] <... futex resumed>) = 1 [pid 4414] open(".", O_RDONLY) = 4 [pid 4414] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4413] <... futex resumed>) = 0 [pid 4413] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4414] <... futex resumed>) = 1 [pid 4414] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4414] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4413] <... futex resumed>) = 0 [pid 4413] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4413] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4413] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4415], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4415 [pid 4413] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4413] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4414] <... futex resumed>) = 1 [pid 4414] sync() = 0 [pid 4414] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4414] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4415 attached [pid 4415] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4415] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4415] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4413] <... futex resumed>) = 0 [pid 4413] exit_group(0) = ? [pid 4414] <... futex resumed>) = ? [pid 4414] +++ exited with 0 +++ [pid 4415] <... futex resumed>) = ? [pid 4415] +++ exited with 0 +++ [pid 4413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4413, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./260/binderfs") = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4416 ./strace-static-x86_64: Process 4416 attached [pid 4416] set_robust_list(0x5555563795e0, 24) = 0 [pid 4416] chdir("./261") = 0 [pid 4416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4416] setpgid(0, 0) = 0 [pid 4416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4416] write(3, "1000", 4) = 4 [pid 4416] close(3) = 0 [ 77.095511][ T4414] loop0: detected capacity change from 0 to 64 [pid 4416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4416] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4416] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4416] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4417 attached , parent_tid=[4417], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4417 [pid 4417] set_robust_list(0x7fa6ebea99e0, 24 [pid 4416] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4417] <... set_robust_list resumed>) = 0 [pid 4416] <... futex resumed>) = 0 [pid 4416] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4417] memfd_create("syzkaller", 0) = 3 [pid 4417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4417] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4417] close(3) = 0 [pid 4417] mkdir("./file0", 0777) = 0 [pid 4417] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4417] chdir("./file0") = 0 [pid 4417] ioctl(4, LOOP_CLR_FD) = 0 [pid 4417] close(4) = 0 [pid 4417] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4416] <... futex resumed>) = 0 [pid 4417] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4416] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4416] <... futex resumed>) = 0 [pid 4417] open(".", O_RDONLY [pid 4416] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4417] <... open resumed>) = 4 [pid 4417] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4416] <... futex resumed>) = 0 [pid 4417] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4416] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4416] <... futex resumed>) = 0 [pid 4417] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4416] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4417] <... mkdirat resumed>) = 0 [pid 4417] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4416] <... futex resumed>) = 0 [pid 4417] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4416] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4416] <... futex resumed>) = 0 [pid 4417] sync( [pid 4416] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4416] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4416] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4418 attached , parent_tid=[4418], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4418 [pid 4418] set_robust_list(0x7fa6ebe889e0, 24 [pid 4416] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4417] <... sync resumed>) = 0 [pid 4416] <... futex resumed>) = 0 [pid 4417] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4416] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4417] <... futex resumed>) = 0 [pid 4417] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4418] <... set_robust_list resumed>) = 0 [pid 4418] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4418] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4416] <... futex resumed>) = 0 [pid 4418] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4416] exit_group(0 [pid 4418] <... futex resumed>) = ? [pid 4416] <... exit_group resumed>) = ? [pid 4417] <... futex resumed>) = ? [pid 4417] +++ exited with 0 +++ [pid 4418] +++ exited with 0 +++ [pid 4416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4416, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 77.163932][ T4417] loop0: detected capacity change from 0 to 64 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./261/binderfs") = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4419 attached , child_tidptr=0x5555563795d0) = 4419 [pid 4419] set_robust_list(0x5555563795e0, 24) = 0 [pid 4419] chdir("./262") = 0 [pid 4419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4419] setpgid(0, 0) = 0 [pid 4419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4419] write(3, "1000", 4) = 4 [pid 4419] close(3) = 0 [pid 4419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4419] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4419] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4419] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4420 attached [pid 4420] set_robust_list(0x7fa6ebea99e0, 24 [pid 4419] <... clone resumed>, parent_tid=[4420], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4420 [pid 4420] <... set_robust_list resumed>) = 0 [pid 4419] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4419] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4420] memfd_create("syzkaller", 0) = 3 [pid 4420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4420] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4420] close(3) = 0 [pid 4420] mkdir("./file0", 0777) = 0 [pid 4420] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4420] chdir("./file0") = 0 [pid 4420] ioctl(4, LOOP_CLR_FD) = 0 [pid 4420] close(4) = 0 [pid 4420] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4419] <... futex resumed>) = 0 [pid 4420] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4419] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4419] <... futex resumed>) = 0 [pid 4420] open(".", O_RDONLY [pid 4419] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4420] <... open resumed>) = 4 [pid 4420] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4419] <... futex resumed>) = 0 [pid 4420] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4419] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4419] <... futex resumed>) = 0 [pid 4420] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4419] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4420] <... mkdirat resumed>) = 0 [pid 4420] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4419] <... futex resumed>) = 0 [pid 4420] sync( [pid 4419] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4419] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4419] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4419] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4421 attached [pid 4421] set_robust_list(0x7fa6ebe889e0, 24 [pid 4420] <... sync resumed>) = 0 [pid 4419] <... clone resumed>, parent_tid=[4421], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4421 [pid 4421] <... set_robust_list resumed>) = 0 [pid 4420] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4419] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4420] <... futex resumed>) = 0 [pid 4419] <... futex resumed>) = 0 [pid 4419] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4421] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4420] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4421] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4419] <... futex resumed>) = 0 [pid 4419] exit_group(0 [pid 4420] <... futex resumed>) = ? [pid 4419] <... exit_group resumed>) = ? [pid 4421] <... futex resumed>) = ? [pid 4420] +++ exited with 0 +++ [pid 4421] +++ exited with 0 +++ [pid 4419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4419, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./262/binderfs") = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 77.257982][ T4420] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4422 ./strace-static-x86_64: Process 4422 attached [pid 4422] set_robust_list(0x5555563795e0, 24) = 0 [pid 4422] chdir("./263") = 0 [pid 4422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4422] setpgid(0, 0) = 0 [pid 4422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4422] write(3, "1000", 4) = 4 [pid 4422] close(3) = 0 [pid 4422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4422] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4422] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4422] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4423 attached , parent_tid=[4423], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4423 [pid 4422] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4422] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4423] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4423] memfd_create("syzkaller", 0) = 3 [pid 4423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4423] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4423] close(3) = 0 [pid 4423] mkdir("./file0", 0777) = 0 [pid 4423] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4423] chdir("./file0") = 0 [pid 4423] ioctl(4, LOOP_CLR_FD) = 0 [pid 4423] close(4) = 0 [pid 4423] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4422] <... futex resumed>) = 0 [pid 4422] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4422] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4423] open(".", O_RDONLY) = 4 [pid 4423] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4422] <... futex resumed>) = 0 [pid 4422] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4422] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4423] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4423] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4422] <... futex resumed>) = 0 [pid 4422] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4422] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4423] sync( [pid 4422] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4422] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4422] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4424 attached [pid 4424] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4424] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4422] <... clone resumed>, parent_tid=[4424], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4424 [pid 4422] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4422] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4424] <... futex resumed>) = 0 [pid 4424] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4423] <... sync resumed>) = 0 [pid 4423] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4424] <... openat resumed>) = 5 [pid 4423] <... futex resumed>) = 0 [pid 4424] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4423] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4424] <... futex resumed>) = 1 [pid 4422] <... futex resumed>) = 0 [pid 4424] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4422] exit_group(0 [pid 4423] <... futex resumed>) = ? [pid 4422] <... exit_group resumed>) = ? [pid 4424] <... futex resumed>) = ? [pid 4423] +++ exited with 0 +++ [pid 4424] +++ exited with 0 +++ [pid 4422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4422, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./263/binderfs") = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 77.346007][ T4423] loop0: detected capacity change from 0 to 64 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4425 ./strace-static-x86_64: Process 4425 attached [pid 4425] set_robust_list(0x5555563795e0, 24) = 0 [pid 4425] chdir("./264") = 0 [pid 4425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4425] setpgid(0, 0) = 0 [pid 4425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4425] write(3, "1000", 4) = 4 [pid 4425] close(3) = 0 [pid 4425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4425] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4425] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4425] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4426 attached , parent_tid=[4426], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4426 [pid 4425] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4426] set_robust_list(0x7fa6ebea99e0, 24 [pid 4425] <... futex resumed>) = 0 [pid 4426] <... set_robust_list resumed>) = 0 [pid 4425] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4426] memfd_create("syzkaller", 0) = 3 [pid 4426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4426] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4426] close(3) = 0 [pid 4426] mkdir("./file0", 0777) = 0 [pid 4426] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4426] chdir("./file0") = 0 [pid 4426] ioctl(4, LOOP_CLR_FD) = 0 [pid 4426] close(4) = 0 [pid 4426] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4425] <... futex resumed>) = 0 [pid 4425] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4425] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4426] open(".", O_RDONLY) = 4 [pid 4426] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4425] <... futex resumed>) = 0 [pid 4426] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4425] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4426] <... mkdirat resumed>) = 0 [pid 4425] <... futex resumed>) = 0 [pid 4426] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4425] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4426] <... futex resumed>) = 0 [pid 4425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4426] sync( [pid 4425] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4425] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4425] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4425] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4427 attached [pid 4427] set_robust_list(0x7fa6ebe889e0, 24 [pid 4425] <... clone resumed>, parent_tid=[4427], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4427 [pid 4425] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4426] <... sync resumed>) = 0 [pid 4425] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4426] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4426] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4427] <... set_robust_list resumed>) = 0 [pid 4427] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4427] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4425] <... futex resumed>) = 0 [pid 4425] exit_group(0) = ? [pid 4427] <... futex resumed>) = ? [pid 4427] +++ exited with 0 +++ [pid 4426] <... futex resumed>) = ? [pid 4426] +++ exited with 0 +++ [pid 4425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4425, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./264/binderfs") = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4428 ./strace-static-x86_64: Process 4428 attached [pid 4428] set_robust_list(0x5555563795e0, 24) = 0 [pid 4428] chdir("./265") = 0 [ 77.433284][ T4426] loop0: detected capacity change from 0 to 64 [pid 4428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4428] setpgid(0, 0) = 0 [pid 4428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4428] write(3, "1000", 4) = 4 [pid 4428] close(3) = 0 [pid 4428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4428] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4428] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4428] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4429], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4429 [pid 4428] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4428] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4429 attached [pid 4429] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4429] memfd_create("syzkaller", 0) = 3 [pid 4429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4429] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4429] close(3) = 0 [pid 4429] mkdir("./file0", 0777) = 0 [pid 4429] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4429] chdir("./file0") = 0 [pid 4429] ioctl(4, LOOP_CLR_FD) = 0 [pid 4429] close(4) = 0 [pid 4429] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4428] <... futex resumed>) = 0 [pid 4429] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4428] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4429] <... futex resumed>) = 0 [pid 4429] open(".", O_RDONLY) = 4 [pid 4429] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4429] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4428] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4428] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4429] <... futex resumed>) = 0 [pid 4428] <... futex resumed>) = 1 [pid 4429] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4428] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4429] <... mkdirat resumed>) = 0 [pid 4429] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4428] <... futex resumed>) = 0 [pid 4429] sync( [pid 4428] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4428] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4428] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4428] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4430], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4430 [pid 4428] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4430 attached ) = 0 [pid 4430] set_robust_list(0x7fa6ebe889e0, 24 [pid 4428] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4430] <... set_robust_list resumed>) = 0 [pid 4430] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4429] <... sync resumed>) = 0 [pid 4429] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4429] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4430] <... openat resumed>) = 5 [pid 4430] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4428] <... futex resumed>) = 0 [pid 4428] exit_group(0 [pid 4429] <... futex resumed>) = ? [pid 4428] <... exit_group resumed>) = ? [pid 4429] +++ exited with 0 +++ [pid 4430] <... futex resumed>) = ? [pid 4430] +++ exited with 0 +++ [pid 4428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4428, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./265/binderfs") = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 77.508960][ T4429] loop0: detected capacity change from 0 to 64 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4431 ./strace-static-x86_64: Process 4431 attached [pid 4431] set_robust_list(0x5555563795e0, 24) = 0 [pid 4431] chdir("./266") = 0 [pid 4431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4431] setpgid(0, 0) = 0 [pid 4431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4431] write(3, "1000", 4) = 4 [pid 4431] close(3) = 0 [pid 4431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4431] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4431] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4431] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4432], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4432 [pid 4431] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4432 attached [pid 4432] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4432] memfd_create("syzkaller", 0) = 3 [pid 4432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4432] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4432] close(3) = 0 [pid 4432] mkdir("./file0", 0777) = 0 [pid 4432] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4432] chdir("./file0") = 0 [pid 4432] ioctl(4, LOOP_CLR_FD) = 0 [pid 4432] close(4) = 0 [pid 4432] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = 0 [pid 4431] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... futex resumed>) = 1 [pid 4432] open(".", O_RDONLY) = 4 [pid 4432] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = 0 [pid 4431] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... futex resumed>) = 1 [pid 4432] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4432] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4431] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4431] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4431] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4433], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4433 [pid 4431] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4433 attached [pid 4431] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4433] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4433] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4432] sync( [pid 4433] <... openat resumed>) = 5 [pid 4433] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = 0 [pid 4433] <... futex resumed>) = 1 [pid 4433] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4432] <... sync resumed>) = 0 [pid 4432] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] exit_group(0) = ? [pid 4433] <... futex resumed>) = ? [pid 4433] +++ exited with 0 +++ [pid 4432] <... futex resumed>) = ? [pid 4432] +++ exited with 0 +++ [pid 4431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4431, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./266/binderfs") = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 77.591255][ T4432] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4434 ./strace-static-x86_64: Process 4434 attached [pid 4434] set_robust_list(0x5555563795e0, 24) = 0 [pid 4434] chdir("./267") = 0 [pid 4434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4434] setpgid(0, 0) = 0 [pid 4434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4434] write(3, "1000", 4) = 4 [pid 4434] close(3) = 0 [pid 4434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4434] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4434] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4434] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4435 attached [pid 4435] set_robust_list(0x7fa6ebea99e0, 24 [pid 4434] <... clone resumed>, parent_tid=[4435], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4435 [pid 4435] <... set_robust_list resumed>) = 0 [pid 4434] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4434] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4435] memfd_create("syzkaller", 0) = 3 [pid 4435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4435] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4435] close(3) = 0 [pid 4435] mkdir("./file0", 0777) = 0 [pid 4435] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4435] chdir("./file0") = 0 [pid 4435] ioctl(4, LOOP_CLR_FD) = 0 [pid 4435] close(4) = 0 [pid 4435] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4435] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4434] <... futex resumed>) = 0 [pid 4434] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4435] <... futex resumed>) = 0 [pid 4434] <... futex resumed>) = 1 [pid 4435] open(".", O_RDONLY [pid 4434] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4435] <... open resumed>) = 4 [pid 4435] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4434] <... futex resumed>) = 0 [pid 4434] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4435] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4434] <... futex resumed>) = 0 [pid 4435] <... mkdirat resumed>) = 0 [pid 4434] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4435] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4434] <... futex resumed>) = 0 [pid 4434] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4435] sync( [pid 4434] <... futex resumed>) = 0 [pid 4434] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4434] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4435] <... sync resumed>) = 0 [pid 4434] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4436 attached [pid 4435] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4436] set_robust_list(0x7fa6ebe889e0, 24 [pid 4435] <... futex resumed>) = 0 [pid 4434] <... clone resumed>, parent_tid=[4436], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4436 [pid 4436] <... set_robust_list resumed>) = 0 [pid 4435] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4434] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4436] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4434] <... futex resumed>) = 0 [pid 4434] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4436] <... openat resumed>) = 5 [pid 4436] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4434] <... futex resumed>) = 0 [pid 4436] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4434] exit_group(0 [pid 4436] <... futex resumed>) = ? [pid 4435] <... futex resumed>) = ? [pid 4434] <... exit_group resumed>) = ? [pid 4436] +++ exited with 0 +++ [pid 4435] +++ exited with 0 +++ [pid 4434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4434, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./267/binderfs") = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 77.677389][ T4435] loop0: detected capacity change from 0 to 64 rmdir("./267/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4437 ./strace-static-x86_64: Process 4437 attached [pid 4437] set_robust_list(0x5555563795e0, 24) = 0 [pid 4437] chdir("./268") = 0 [pid 4437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4437] setpgid(0, 0) = 0 [pid 4437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4437] write(3, "1000", 4) = 4 [pid 4437] close(3) = 0 [pid 4437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4437] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4437] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4437] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4438], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4438 ./strace-static-x86_64: Process 4438 attached [pid 4438] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4438] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4437] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4438] <... futex resumed>) = 0 [pid 4438] memfd_create("syzkaller", 0 [pid 4437] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4438] <... memfd_create resumed>) = 3 [pid 4438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4438] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4438] close(3) = 0 [pid 4438] mkdir("./file0", 0777) = 0 [pid 4438] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4438] chdir("./file0") = 0 [pid 4438] ioctl(4, LOOP_CLR_FD) = 0 [pid 4438] close(4) = 0 [pid 4438] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4438] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4437] <... futex resumed>) = 0 [pid 4437] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4438] <... futex resumed>) = 0 [pid 4437] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4438] open(".", O_RDONLY) = 4 [pid 4438] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4437] <... futex resumed>) = 0 [pid 4437] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4437] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4438] <... futex resumed>) = 1 [pid 4438] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4438] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4437] <... futex resumed>) = 0 [pid 4437] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4437] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4437] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4437] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4439 attached [pid 4439] set_robust_list(0x7fa6ebe889e0, 24 [pid 4437] <... clone resumed>, parent_tid=[4439], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4439 [pid 4439] <... set_robust_list resumed>) = 0 [pid 4437] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4439] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4437] <... futex resumed>) = 0 [pid 4437] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4439] <... openat resumed>) = 5 [pid 4439] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4437] <... futex resumed>) = 0 [pid 4439] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4438] <... futex resumed>) = 1 [pid 4438] sync() = 0 [pid 4438] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4438] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4437] exit_group(0 [pid 4439] <... futex resumed>) = ? [pid 4438] <... futex resumed>) = ? [pid 4437] <... exit_group resumed>) = ? [pid 4439] +++ exited with 0 +++ [pid 4438] +++ exited with 0 +++ [pid 4437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4437, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./268/binderfs") = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.782939][ T4438] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4440 ./strace-static-x86_64: Process 4440 attached [pid 4440] set_robust_list(0x5555563795e0, 24) = 0 [pid 4440] chdir("./269") = 0 [pid 4440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4440] setpgid(0, 0) = 0 [pid 4440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4440] write(3, "1000", 4) = 4 [pid 4440] close(3) = 0 [pid 4440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4440] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4440] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4440] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4441 attached [pid 4441] set_robust_list(0x7fa6ebea99e0, 24 [pid 4440] <... clone resumed>, parent_tid=[4441], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4441 [pid 4441] <... set_robust_list resumed>) = 0 [pid 4440] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4441] memfd_create("syzkaller", 0 [pid 4440] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4441] <... memfd_create resumed>) = 3 [pid 4441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4441] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4441] close(3) = 0 [pid 4441] mkdir("./file0", 0777) = 0 [pid 4441] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4441] chdir("./file0") = 0 [pid 4441] ioctl(4, LOOP_CLR_FD) = 0 [pid 4441] close(4) = 0 [pid 4441] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4440] <... futex resumed>) = 0 [pid 4440] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4440] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4441] open(".", O_RDONLY) = 4 [pid 4441] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4440] <... futex resumed>) = 0 [pid 4440] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4440] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4441] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4441] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4440] <... futex resumed>) = 0 [pid 4441] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4440] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4440] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4441] sync( [pid 4440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4440] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4440] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4442 attached , parent_tid=[4442], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4442 [pid 4440] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4440] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4442] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4442] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4441] <... sync resumed>) = 0 [pid 4441] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4441] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4442] <... openat resumed>) = 5 [pid 4442] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4440] <... futex resumed>) = 0 [pid 4442] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4440] exit_group(0) = ? [pid 4441] <... futex resumed>) = ? [pid 4442] <... futex resumed>) = ? [pid 4441] +++ exited with 0 +++ [pid 4442] +++ exited with 0 +++ [pid 4440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4440, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./269/binderfs") = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 77.895910][ T4441] loop0: detected capacity change from 0 to 64 rmdir("./269/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4443 ./strace-static-x86_64: Process 4443 attached [pid 4443] set_robust_list(0x5555563795e0, 24) = 0 [pid 4443] chdir("./270") = 0 [pid 4443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4443] setpgid(0, 0) = 0 [pid 4443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4443] write(3, "1000", 4) = 4 [pid 4443] close(3) = 0 [pid 4443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4443] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4443] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4443] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4444 attached [pid 4444] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4443] <... clone resumed>, parent_tid=[4444], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4444 [pid 4443] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4444] memfd_create("syzkaller", 0 [pid 4443] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4444] <... memfd_create resumed>) = 3 [pid 4444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4444] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4444] close(3) = 0 [pid 4444] mkdir("./file0", 0777) = 0 [pid 4444] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4444] chdir("./file0") = 0 [pid 4444] ioctl(4, LOOP_CLR_FD) = 0 [pid 4444] close(4) = 0 [pid 4444] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4443] <... futex resumed>) = 0 [pid 4444] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4443] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4443] <... futex resumed>) = 0 [pid 4444] open(".", O_RDONLY [pid 4443] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4444] <... open resumed>) = 4 [pid 4444] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4443] <... futex resumed>) = 0 [pid 4444] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4443] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4443] <... futex resumed>) = 0 [pid 4444] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4443] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4444] <... mkdirat resumed>) = 0 [pid 4444] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4443] <... futex resumed>) = 0 [pid 4444] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4443] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4443] <... futex resumed>) = 0 [pid 4444] sync( [pid 4443] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4443] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4443] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4445 attached , parent_tid=[4445], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4445 [pid 4445] set_robust_list(0x7fa6ebe889e0, 24 [pid 4443] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4445] <... set_robust_list resumed>) = 0 [pid 4445] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4443] <... futex resumed>) = 0 [pid 4445] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4444] <... sync resumed>) = 0 [pid 4443] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4444] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4444] <... futex resumed>) = 0 [pid 4445] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4443] exit_group(0) = ? [pid 4445] <... futex resumed>) = ? [pid 4445] +++ exited with 0 +++ [pid 4444] +++ exited with 0 +++ [pid 4443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4443, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./270/binderfs") = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 77.984519][ T4444] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4446 ./strace-static-x86_64: Process 4446 attached [pid 4446] set_robust_list(0x5555563795e0, 24) = 0 [pid 4446] chdir("./271") = 0 [pid 4446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4446] setpgid(0, 0) = 0 [pid 4446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4446] write(3, "1000", 4) = 4 [pid 4446] close(3) = 0 [pid 4446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4446] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4446] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4446] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4447 attached , parent_tid=[4447], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4447 [pid 4446] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4446] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4447] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4447] memfd_create("syzkaller", 0) = 3 [pid 4447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4447] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4447] close(3) = 0 [pid 4447] mkdir("./file0", 0777) = 0 [pid 4447] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4447] chdir("./file0") = 0 [pid 4447] ioctl(4, LOOP_CLR_FD) = 0 [pid 4447] close(4) = 0 [pid 4447] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4447] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4446] <... futex resumed>) = 0 [pid 4446] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4447] <... futex resumed>) = 0 [pid 4446] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4447] open(".", O_RDONLY) = 4 [pid 4447] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4446] <... futex resumed>) = 0 [pid 4446] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4446] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4447] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4447] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4446] <... futex resumed>) = 0 [pid 4447] sync( [pid 4446] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4446] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4446] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4446] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4448], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4448 ./strace-static-x86_64: Process 4448 attached [pid 4448] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4448] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4446] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4447] <... sync resumed>) = 0 [pid 4446] <... futex resumed>) = 1 [pid 4447] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4448] <... futex resumed>) = 0 [pid 4448] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4447] <... futex resumed>) = 0 [pid 4446] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4447] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4448] <... openat resumed>) = 5 [pid 4448] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4448] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4446] <... futex resumed>) = 0 [pid 4446] exit_group(0 [pid 4447] <... futex resumed>) = ? [pid 4446] <... exit_group resumed>) = ? [pid 4448] <... futex resumed>) = ? [pid 4448] +++ exited with 0 +++ [pid 4447] +++ exited with 0 +++ [pid 4446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4446, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./271/binderfs") = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 78.072341][ T4447] loop0: detected capacity change from 0 to 64 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4449 ./strace-static-x86_64: Process 4449 attached [pid 4449] set_robust_list(0x5555563795e0, 24) = 0 [pid 4449] chdir("./272") = 0 [pid 4449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4449] setpgid(0, 0) = 0 [pid 4449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4449] write(3, "1000", 4) = 4 [pid 4449] close(3) = 0 [pid 4449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4449] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4449] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4449] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4450], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4450 [pid 4449] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4449] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4450 attached [pid 4450] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4450] memfd_create("syzkaller", 0) = 3 [pid 4450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4450] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4450] close(3) = 0 [pid 4450] mkdir("./file0", 0777) = 0 [pid 4450] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4450] chdir("./file0") = 0 [pid 4450] ioctl(4, LOOP_CLR_FD) = 0 [pid 4450] close(4) = 0 [pid 4450] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4449] <... futex resumed>) = 0 [pid 4450] <... futex resumed>) = 1 [pid 4449] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4450] open(".", O_RDONLY [pid 4449] <... futex resumed>) = 0 [pid 4449] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4450] <... open resumed>) = 4 [pid 4450] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4449] <... futex resumed>) = 0 [pid 4450] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4449] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4449] <... futex resumed>) = 0 [pid 4450] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4449] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4450] <... mkdirat resumed>) = 0 [pid 4450] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4449] <... futex resumed>) = 0 [pid 4449] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4449] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4450] sync( [pid 4449] <... futex resumed>) = 0 [pid 4449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4449] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4449] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4451], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4451 [pid 4449] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4449] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4451 attached [pid 4451] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4451] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4451] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4449] <... futex resumed>) = 0 [pid 4451] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4450] <... sync resumed>) = 0 [pid 4450] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4450] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4449] exit_group(0) = ? [pid 4451] <... futex resumed>) = ? [pid 4451] +++ exited with 0 +++ [pid 4450] <... futex resumed>) = ? [pid 4450] +++ exited with 0 +++ [pid 4449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4449, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./272/binderfs") = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 78.150633][ T4450] loop0: detected capacity change from 0 to 64 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4452 ./strace-static-x86_64: Process 4452 attached [pid 4452] set_robust_list(0x5555563795e0, 24) = 0 [pid 4452] chdir("./273") = 0 [pid 4452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4452] setpgid(0, 0) = 0 [pid 4452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4452] write(3, "1000", 4) = 4 [pid 4452] close(3) = 0 [pid 4452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4452] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4452] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4452] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4453 attached [pid 4453] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4453] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4452] <... clone resumed>, parent_tid=[4453], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4453 [pid 4452] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4452] <... futex resumed>) = 1 [pid 4453] memfd_create("syzkaller", 0) = 3 [pid 4452] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4453] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4453] close(3) = 0 [pid 4453] mkdir("./file0", 0777) = 0 [pid 4453] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4453] chdir("./file0") = 0 [pid 4453] ioctl(4, LOOP_CLR_FD) = 0 [pid 4453] close(4) = 0 [pid 4453] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4452] <... futex resumed>) = 0 [pid 4452] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] open(".", O_RDONLY [pid 4452] <... futex resumed>) = 0 [pid 4452] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4453] <... open resumed>) = 4 [pid 4453] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4452] <... futex resumed>) = 0 [pid 4453] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4452] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4452] <... futex resumed>) = 1 [pid 4453] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4452] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4453] <... mkdirat resumed>) = 0 [pid 4453] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4452] <... futex resumed>) = 0 [pid 4453] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4452] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4452] <... futex resumed>) = 1 [pid 4453] sync( [pid 4452] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4452] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4452] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4454], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4454 [pid 4452] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4454 attached ) = 0 [pid 4452] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] set_robust_list(0x7fa6ebe889e0, 24 [pid 4453] <... sync resumed>) = 0 [pid 4454] <... set_robust_list resumed>) = 0 [pid 4453] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4454] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4454] <... openat resumed>) = 5 [pid 4454] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4452] <... futex resumed>) = 0 [pid 4454] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4452] exit_group(0 [pid 4454] <... futex resumed>) = ? [pid 4453] <... futex resumed>) = ? [pid 4452] <... exit_group resumed>) = ? [pid 4453] +++ exited with 0 +++ [pid 4454] +++ exited with 0 +++ [pid 4452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4452, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./273/binderfs") = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 [ 78.245661][ T4453] loop0: detected capacity change from 0 to 64 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4455 ./strace-static-x86_64: Process 4455 attached [pid 4455] set_robust_list(0x5555563795e0, 24) = 0 [pid 4455] chdir("./274") = 0 [pid 4455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4455] setpgid(0, 0) = 0 [pid 4455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4455] write(3, "1000", 4) = 4 [pid 4455] close(3) = 0 [pid 4455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4455] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4455] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4455] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4456 attached , parent_tid=[4456], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4456 [pid 4456] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4456] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4455] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4456] <... futex resumed>) = 0 [pid 4456] memfd_create("syzkaller", 0 [pid 4455] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4456] <... memfd_create resumed>) = 3 [pid 4456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4456] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4456] close(3) = 0 [pid 4456] mkdir("./file0", 0777) = 0 [pid 4456] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4456] chdir("./file0") = 0 [pid 4456] ioctl(4, LOOP_CLR_FD) = 0 [pid 4456] close(4) = 0 [pid 4456] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4455] <... futex resumed>) = 0 [pid 4455] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4455] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4456] <... futex resumed>) = 1 [pid 4456] open(".", O_RDONLY) = 4 [pid 4456] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4455] <... futex resumed>) = 0 [pid 4455] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4455] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4456] <... futex resumed>) = 1 [pid 4456] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4456] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4455] <... futex resumed>) = 0 [pid 4455] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4455] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4455] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4455] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4457], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4457 [pid 4455] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4455] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4456] <... futex resumed>) = 1 [pid 4456] sync(./strace-static-x86_64: Process 4457 attached [pid 4457] set_robust_list(0x7fa6ebe889e0, 24 [pid 4456] <... sync resumed>) = 0 [pid 4457] <... set_robust_list resumed>) = 0 [pid 4457] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4457] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4455] <... futex resumed>) = 0 [pid 4457] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4456] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4456] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4455] exit_group(0) = ? [pid 4456] <... futex resumed>) = ? [pid 4456] +++ exited with 0 +++ [pid 4457] <... futex resumed>) = ? [pid 4457] +++ exited with 0 +++ [pid 4455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4455, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./274/binderfs") = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 [ 78.338307][ T4456] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4458 ./strace-static-x86_64: Process 4458 attached [pid 4458] set_robust_list(0x5555563795e0, 24) = 0 [pid 4458] chdir("./275") = 0 [pid 4458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4458] setpgid(0, 0) = 0 [pid 4458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4458] write(3, "1000", 4) = 4 [pid 4458] close(3) = 0 [pid 4458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4458] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4458] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4458] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4459 attached [pid 4459] set_robust_list(0x7fa6ebea99e0, 24 [pid 4458] <... clone resumed>, parent_tid=[4459], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4459 [pid 4459] <... set_robust_list resumed>) = 0 [pid 4458] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4458] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4459] memfd_create("syzkaller", 0) = 3 [pid 4459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4459] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4459] close(3) = 0 [pid 4459] mkdir("./file0", 0777) = 0 [pid 4459] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4459] chdir("./file0") = 0 [pid 4459] ioctl(4, LOOP_CLR_FD) = 0 [pid 4459] close(4) = 0 [pid 4459] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4458] <... futex resumed>) = 0 [pid 4459] open(".", O_RDONLY [pid 4458] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4458] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4459] <... open resumed>) = 4 [pid 4459] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4458] <... futex resumed>) = 0 [pid 4458] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4459] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4458] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4459] <... mkdirat resumed>) = 0 [pid 4459] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4458] <... futex resumed>) = 0 [pid 4458] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4458] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4459] sync( [pid 4458] <... mmap resumed>) = 0x7fa6ebe68000 [pid 4458] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4458] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4460], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4460 [pid 4458] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4460 attached ) = 0 [pid 4458] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4460] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4460] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 4459] <... sync resumed>) = 0 [pid 4459] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4459] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4460] <... openat resumed>) = 5 [pid 4460] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4458] <... futex resumed>) = 0 [pid 4460] <... futex resumed>) = 1 [pid 4458] exit_group(0 [pid 4459] <... futex resumed>) = ? [pid 4458] <... exit_group resumed>) = ? [pid 4459] +++ exited with 0 +++ [pid 4460] +++ exited with 0 +++ [pid 4458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4458, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./275/binderfs") = 0 [ 78.425508][ T4459] loop0: detected capacity change from 0 to 64 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4461 ./strace-static-x86_64: Process 4461 attached [pid 4461] set_robust_list(0x5555563795e0, 24) = 0 [pid 4461] chdir("./276") = 0 [pid 4461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4461] setpgid(0, 0) = 0 [pid 4461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4461] write(3, "1000", 4) = 4 [pid 4461] close(3) = 0 [pid 4461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4461] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4461] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4461] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4462 attached , parent_tid=[4462], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4462 [pid 4462] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4462] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4461] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4462] <... futex resumed>) = 0 [pid 4462] memfd_create("syzkaller", 0 [pid 4461] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4462] <... memfd_create resumed>) = 3 [pid 4462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4462] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4462] close(3) = 0 [pid 4462] mkdir("./file0", 0777) = 0 [pid 4462] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4462] chdir("./file0") = 0 [pid 4462] ioctl(4, LOOP_CLR_FD) = 0 [pid 4462] close(4) = 0 [pid 4462] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4461] <... futex resumed>) = 0 [pid 4462] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4461] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4461] <... futex resumed>) = 0 [pid 4462] open(".", O_RDONLY [pid 4461] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4462] <... open resumed>) = 4 [pid 4462] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4461] <... futex resumed>) = 0 [pid 4462] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 4461] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4461] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4462] <... mkdirat resumed>) = 0 [pid 4462] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4461] <... futex resumed>) = 0 [pid 4462] sync( [pid 4461] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4461] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4461] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4461] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4463 attached , parent_tid=[4463], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4463 [pid 4463] set_robust_list(0x7fa6ebe889e0, 24 [pid 4461] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4461] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4462] <... sync resumed>) = 0 [pid 4462] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4462] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4463] <... set_robust_list resumed>) = 0 [pid 4463] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4463] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4461] <... futex resumed>) = 0 [pid 4463] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4461] exit_group(0) = ? [pid 4462] <... futex resumed>) = ? [pid 4462] +++ exited with 0 +++ [pid 4463] <... futex resumed>) = ? [pid 4463] +++ exited with 0 +++ [pid 4461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4461, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555637a620 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./276/binderfs") = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556382660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556382660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x55555637a620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 78.529476][ T4462] loop0: detected capacity change from 0 to 64 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563795d0) = 4464 ./strace-static-x86_64: Process 4464 attached [pid 4464] set_robust_list(0x5555563795e0, 24) = 0 [pid 4464] chdir("./277") = 0 [pid 4464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4464] setpgid(0, 0) = 0 [pid 4464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4464] write(3, "1000", 4) = 4 [pid 4464] close(3) = 0 [pid 4464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4464] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe89000 [pid 4464] mprotect(0x7fa6ebe8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4464] clone(child_stack=0x7fa6ebea93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4465 attached [pid 4465] set_robust_list(0x7fa6ebea99e0, 24) = 0 [pid 4464] <... clone resumed>, parent_tid=[4465], tls=0x7fa6ebea9700, child_tidptr=0x7fa6ebea99d0) = 4465 [pid 4465] futex(0x7fa6ebf827a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4464] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4465] <... futex resumed>) = 0 [pid 4464] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4465] memfd_create("syzkaller", 0) = 3 [pid 4465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e3a00000 [pid 4465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 4465] munmap(0x7fa6e3a00000, 32768) = 0 [pid 4465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4465] close(3) = 0 [pid 4465] mkdir("./file0", 0777) = 0 [pid 4465] mount("/dev/loop0", "./file0", "hfs", 0, "") = 0 [pid 4465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4465] chdir("./file0") = 0 [pid 4465] ioctl(4, LOOP_CLR_FD) = 0 [pid 4465] close(4) = 0 [pid 4465] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4464] <... futex resumed>) = 0 [pid 4464] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4464] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4465] <... futex resumed>) = 1 [pid 4465] open(".", O_RDONLY) = 4 [pid 4465] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4464] <... futex resumed>) = 0 [pid 4464] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4464] futex(0x7fa6ebf827ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4465] <... futex resumed>) = 1 [pid 4465] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 4465] futex(0x7fa6ebf827ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4464] <... futex resumed>) = 0 [pid 4464] futex(0x7fa6ebf827a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4464] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa6ebe68000 [pid 4464] mprotect(0x7fa6ebe69000, 131072, PROT_READ|PROT_WRITE [pid 4465] <... futex resumed>) = 1 [pid 4464] <... mprotect resumed>) = 0 [pid 4464] clone(child_stack=0x7fa6ebe883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4465] sync( [pid 4464] <... clone resumed>, parent_tid=[4466], tls=0x7fa6ebe88700, child_tidptr=0x7fa6ebe889d0) = 4466 [pid 4464] futex(0x7fa6ebf827b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4466 attached [pid 4464] futex(0x7fa6ebf827bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4466] set_robust_list(0x7fa6ebe889e0, 24) = 0 [pid 4466] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 5 [pid 4466] futex(0x7fa6ebf827bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4466] futex(0x7fa6ebf827b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4464] <... futex resumed>) = 0 [ 78.614114][ T4465] loop0: detected capacity change from 0 to 64 [ 78.651676][ T3634] ------------[ cut here ]------------ [ 78.657365][ T3634] kernel BUG at fs/hfs/bnode.c:466! [ 78.663074][ T3634] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 78.669156][ T3634] CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0 [ 78.679297][ T3634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 78.689343][ T3634] Workqueue: writeback wb_workfn (flush-7:0) [ 78.695353][ T3634] RIP: 0010:hfs_bnode_put+0x46f/0x480 [ 78.700730][ T3634] Code: 8a 80 ff e9 73 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a0 fe ff ff 48 89 df e8 db 8a 80 ff e9 93 fe ff ff e8 a1 68 2c ff <0f> 0b e8 9a 68 2c ff 0f 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56 [ 78.720421][ T3634] RSP: 0018:ffffc90003b4f258 EFLAGS: 00010293 [ 78.726483][ T3634] RAX: ffffffff825e318f RBX: 0000000000000000 RCX: ffff8880739dd7c0 [ 78.734453][ T3634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 78.742416][ T3634] RBP: ffffc90003b4f430 R08: ffffffff825e2d9b R09: ffffed10045157d1 [ 78.750377][ T3634] R10: ffffed10045157d1 R11: 1ffff110045157d0 R12: ffff8880228abe80 [ 78.758358][ T3634] R13: ffff88807016c000 R14: dffffc0000000000 R15: ffff8880228abe00 [ 78.766321][ T3634] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 78.775253][ T3634] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.781827][ T3634] CR2: 00007fa6ebe88718 CR3: 000000001e93d000 CR4: 00000000003506f0 [ 78.789816][ T3634] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.797773][ T3634] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.805735][ T3634] Call Trace: [ 78.809015][ T3634] [ 78.811949][ T3634] hfs_write_inode+0x1bc/0xb40 [ 78.816722][ T3634] ? trace_lock_release+0x95/0x220 [ 78.821840][ T3634] ? hfs_inode_write_fork+0x1b0/0x1b0 [ 78.827218][ T3634] ? rcu_read_lock_sched_held+0x87/0x110 [ 78.832851][ T3634] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 78.838827][ T3634] ? do_raw_spin_unlock+0x134/0x8a0 [ 78.844024][ T3634] __writeback_single_inode+0x4d6/0x670 [ 78.849568][ T3634] writeback_sb_inodes+0xb3b/0x18f0 [ 78.854767][ T3634] ? queue_io+0x400/0x400 [ 78.859099][ T3634] __writeback_inodes_wb+0x125/0x420 [ 78.864380][ T3634] wb_writeback+0x440/0x7b0 [ 78.868886][ T3634] ? trace_writeback_exec+0x2c0/0x2c0 [ 78.874249][ T3634] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 78.880218][ T3634] ? _find_next_bit+0x134/0x140 [ 78.885073][ T3634] wb_workfn+0x827/0xef0 [ 78.889313][ T3634] ? inode_wait_for_writeback+0x2c0/0x2c0 [ 78.895030][ T3634] ? rcu_read_lock_sched_held+0x87/0x110 [ 78.900650][ T3634] ? do_raw_spin_unlock+0x134/0x8a0 [ 78.905843][ T3634] process_one_work+0x877/0xdb0 [ 78.910692][ T3634] ? worker_detach_from_pool+0x260/0x260 [ 78.916315][ T3634] ? _raw_spin_lock_irq+0xba/0xf0 [ 78.921350][ T3634] ? _raw_spin_lock_irqsave+0x100/0x100 [ 78.926897][ T3634] worker_thread+0xb14/0x1330 [ 78.931569][ T3634] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 78.937457][ T3634] kthread+0x266/0x300 [ 78.941516][ T3634] ? rcu_lock_release+0x20/0x20 [ 78.946356][ T3634] ? kthread_blkcg+0xd0/0xd0 [ 78.950935][ T3634] ret_from_fork+0x1f/0x30 [ 78.955351][ T3634] [ 78.958355][ T3634] Modules linked in: [ 78.965328][ T3634] ---[ end trace 0000000000000000 ]--- [ 78.970832][ T3634] RIP: 0010:hfs_bnode_put+0x46f/0x480 [ 78.976239][ T3634] Code: 8a 80 ff e9 73 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a0 fe ff ff 48 89 df e8 db 8a 80 ff e9 93 fe ff ff e8 a1 68 2c ff <0f> 0b e8 9a 68 2c ff 0f 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56 [ 78.996226][ T3634] RSP: 0018:ffffc90003b4f258 EFLAGS: 00010293 [ 79.002358][ T3634] RAX: ffffffff825e318f RBX: 0000000000000000 RCX: ffff8880739dd7c0 [ 79.010418][ T3634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 79.018425][ T3634] RBP: ffffc90003b4f430 R08: ffffffff825e2d9b R09: ffffed10045157d1 [ 79.026481][ T3634] R10: ffffed10045157d1 R11: 1ffff110045157d0 R12: ffff8880228abe80 [ 79.034488][ T3634] R13: ffff88807016c000 R14: dffffc0000000000 R15: ffff8880228abe00 [ 79.042483][ T3634] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 79.051473][ T3634] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.058059][ T3634] CR2: 00007fa6ebe88718 CR3: 000000001e93d000 CR4: 00000000003506f0 [ 79.066055][ T3634] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.074070][ T3634] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.082075][ T3634] Kernel panic - not syncing: Fatal exception [ 79.088272][ T3634] Kernel Offset: disabled [ 79.092586][ T3634] Rebooting in 86400 seconds..