./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2982371932 <...> Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts. execve("./syz-executor2982371932", ["./syz-executor2982371932"], 0x7ffc218d6060 /* 10 vars */) = 0 brk(NULL) = 0x555556af4000 brk(0x555556af4c40) = 0x555556af4c40 arch_prctl(ARCH_SET_FS, 0x555556af4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556af45d0) = 5075 set_robust_list(0x555556af45e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f125e497510, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f125e497be0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f125e4975b0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f125e497be0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2982371932", 4096) = 28 brk(0x555556b15c40) = 0x555556b15c40 brk(0x555556b16000) = 0x555556b16000 mprotect(0x7f125e559000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5075 mkdir("./syzkaller.lFP3mV", 0700) = 0 chmod("./syzkaller.lFP3mV", 0777) = 0 chdir("./syzkaller.lFP3mV") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5076 ./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x555556af45e0, 24) = 0 [pid 5076] chdir("./0") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5076] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5078 [pid 5076] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5078] munmap(0x7f1256066000, 65536) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file0") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5078] open("./file0", O_RDONLY [pid 5076] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] <... open resumed>) = 4 syzkaller login: [ 56.462904][ T5078] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5078 'syz-executor298' [ 56.478519][ T5078] loop0: detected capacity change from 0 to 128 [ 56.492226][ T5078] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 56.503577][ T5078] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5076] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5078] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5076] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] <... mkdirat resumed>) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... mmap resumed>) = 0x7f1256055000 [pid 5076] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5076] <... clone resumed>, parent_tid=[5079], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5079 [pid 5076] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5079] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5076] exit_group(0) = ? [pid 5078] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x555556af45e0, 24) = 0 [pid 5080] chdir("./1") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5080] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5081 [pid 5080] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5081] munmap(0x7f1256066000, 65536) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] open("./file0", O_RDONLY) = 4 [pid 5081] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5080] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5082 [pid 5080] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [pid 5081] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5081] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5082] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5082] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0) = ? [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 56.609005][ T5081] loop0: detected capacity change from 0 to 128 [ 56.620772][ T5081] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 56.633528][ T5081] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x555556af45e0, 24 [pid 5075] <... clone resumed>, child_tidptr=0x555556af45d0) = 5083 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5083] chdir("./2") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5083] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5084], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5084 [pid 5083] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5084] munmap(0x7f1256066000, 65536) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file0") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5084] open("./file0", O_RDONLY [pid 5083] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... open resumed>) = 4 [pid 5084] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5084] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5084] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5083] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... mkdirat resumed>) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... mmap resumed>) = 0x7f1256055000 [pid 5083] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5085] futex(0x7f125e55f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... clone resumed>, parent_tid=[5085], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5085 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5085] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7f125e55f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0 [pid 5084] <... futex resumed>) = ? [pid 5083] <... exit_group resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.736575][ T5084] loop0: detected capacity change from 0 to 128 [ 56.748630][ T5084] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 56.760378][ T5084] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x555556af45e0, 24) = 0 [pid 5086] chdir("./3") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5086] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7f125e4869e0, 24 [pid 5086] <... clone resumed>, parent_tid=[5087], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5087 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] memfd_create("syzkaller", 0 [pid 5086] <... futex resumed>) = 0 [pid 5087] <... memfd_create resumed>) = 3 [pid 5086] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5087] munmap(0x7f1256066000, 65536) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file0") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5086] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] open("./file0", O_RDONLY) = 4 [pid 5087] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5086] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5086] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE [pid 5087] <... mkdirat resumed>) = 0 [pid 5087] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... mprotect resumed>) = 0 [pid 5086] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5088 ./strace-static-x86_64: Process 5088 attached [pid 5086] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] set_robust_list(0x7f12560759e0, 24 [pid 5086] <... futex resumed>) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5086] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5088] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5088] futex(0x7f125e55f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] exit_group(0) = ? [pid 5087] <... futex resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5088] <... futex resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5089 ./strace-static-x86_64: Process 5089 attached [ 56.859435][ T5087] loop0: detected capacity change from 0 to 128 [ 56.869193][ T5087] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 56.880737][ T5087] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5089] set_robust_list(0x555556af45e0, 24) = 0 [pid 5089] chdir("./4") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5089] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5089] <... clone resumed>, parent_tid=[5090], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5090 [pid 5089] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] memfd_create("syzkaller", 0 [pid 5089] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] <... memfd_create resumed>) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5090] munmap(0x7f1256066000, 65536) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] open("./file0", O_RDONLY) = 4 [pid 5090] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5089] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5091 [pid 5089] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5090] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5091] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5091] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] exit_group(0) = ? [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x555556af45e0, 24) = 0 [pid 5092] chdir("./5") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 56.965346][ T5090] loop0: detected capacity change from 0 to 128 [ 56.975748][ T5090] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 56.987273][ T5090] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5092] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5093 attached , parent_tid=[5093], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5093 [pid 5093] set_robust_list(0x7f125e4869e0, 24 [pid 5092] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... set_robust_list resumed>) = 0 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5093] munmap(0x7f1256066000, 65536) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file0") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] open("./file0", O_RDONLY [pid 5092] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... open resumed>) = 4 [pid 5093] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5092] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5093] <... mkdirat resumed>) = 0 [pid 5092] <... mmap resumed>) = 0x7f1256055000 [pid 5093] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE [pid 5093] <... futex resumed>) = 0 [pid 5092] <... mprotect resumed>) = 0 [pid 5093] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f12560759e0, 24 [pid 5092] <... clone resumed>, parent_tid=[5094], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5094 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5092] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... rename resumed>) = 0 [pid 5094] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] exit_group(0 [pid 5093] <... futex resumed>) = ? [pid 5092] <... exit_group resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 [ 57.064934][ T5093] loop0: detected capacity change from 0 to 128 [ 57.076050][ T5093] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.087072][ T5093] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x555556af45e0, 24) = 0 [pid 5095] chdir("./6") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5095] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5096 [pid 5095] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5096] munmap(0x7f1256066000, 65536) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] open("./file0", O_RDONLY [pid 5095] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... open resumed>) = 4 [pid 5096] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5095] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... mkdirat resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... mmap resumed>) = 0x7f1256055000 [pid 5096] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5097 attached , parent_tid=[5097], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5097 [pid 5097] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5097] futex(0x7f125e55f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 [pid 5097] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5097] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5095] <... exit_group resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5097] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 [ 57.177745][ T5096] loop0: detected capacity change from 0 to 128 [ 57.188716][ T5096] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.200835][ T5096] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555556af45e0, 24) = 0 [pid 5098] chdir("./7") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5098] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5099 [pid 5098] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5099] munmap(0x7f1256066000, 65536) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file0", 0777) = 0 [pid 5099] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file0") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] open("./file0", O_RDONLY) = 4 [pid 5099] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5098] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5100], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5100 [pid 5098] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5099] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5100] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5100] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] exit_group(0 [pid 5099] <... futex resumed>) = ? [pid 5098] <... exit_group resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x555556af45e0, 24) = 0 [pid 5101] chdir("./8") = 0 [ 57.281642][ T5099] loop0: detected capacity change from 0 to 128 [ 57.291305][ T5099] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.304736][ T5099] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5101] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5102 attached , parent_tid=[5102], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5102 [pid 5102] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5102] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5101] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5102] munmap(0x7f1256066000, 65536) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file0", 0777) = 0 [ 57.379978][ T5102] loop0: detected capacity change from 0 to 128 [ 57.410426][ T5102] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [pid 5102] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file0") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5102] open("./file0", O_RDONLY [pid 5101] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... open resumed>) = 4 [pid 5102] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5101] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... mkdirat resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5102] <... futex resumed>) = 0 [pid 5101] <... mmap resumed>) = 0x7f1256055000 [pid 5102] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5103 [pid 5101] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5103] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5103] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] exit_group(0 [pid 5102] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5103] <... futex resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 57.422414][ T5102] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5104 ./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x555556af45e0, 24) = 0 [pid 5104] chdir("./9") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5104] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5104] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5105] munmap(0x7f1256066000, 65536) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] open("./file0", O_RDONLY [pid 5104] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... open resumed>) = 4 [pid 5105] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5104] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5105] <... mkdirat resumed>) = 0 [pid 5104] <... mmap resumed>) = 0x7f1256055000 [pid 5105] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE [pid 5105] <... futex resumed>) = 0 [pid 5104] <... mprotect resumed>) = 0 [pid 5105] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5106 [pid 5104] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5106] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5106] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] exit_group(0) = ? [pid 5105] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5106] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 [ 57.507499][ T5105] loop0: detected capacity change from 0 to 128 [ 57.517187][ T5105] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.528204][ T5105] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5107 ./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x555556af45e0, 24) = 0 [pid 5107] chdir("./10") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5107] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5108] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... clone resumed>, parent_tid=[5108], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5108 [pid 5107] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5107] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5108] munmap(0x7f1256066000, 65536) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file0", 0777) = 0 [pid 5108] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file0") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] open("./file0", O_RDONLY) = 4 [pid 5108] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5107] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5109 [pid 5107] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5108] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5109] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5109] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] exit_group(0) = ? [pid 5108] <... futex resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x555556af45e0, 24) = 0 [pid 5110] chdir("./11") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 57.612821][ T5108] loop0: detected capacity change from 0 to 128 [ 57.632696][ T5108] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.643567][ T5108] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5110] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5111] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... clone resumed>, parent_tid=[5111], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5111 [pid 5110] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5110] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5111] munmap(0x7f1256066000, 65536) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file0", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file0") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] open("./file0", O_RDONLY) = 4 [pid 5111] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5110] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... mkdirat resumed>) = 0 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... mmap resumed>) = 0x7f1256055000 [pid 5110] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5112], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5112 [pid 5110] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5112] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5111] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... rename resumed>) = 0 [pid 5112] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] exit_group(0) = ? [pid 5111] <... futex resumed>) = ? [pid 5112] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x555556af45e0, 24) = 0 [ 57.713181][ T5111] loop0: detected capacity change from 0 to 128 [ 57.725458][ T5111] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.737113][ T5111] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5113] chdir("./12") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5113] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5114 [pid 5113] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5114] munmap(0x7f1256066000, 65536) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] open("./file0", O_RDONLY) = 4 [pid 5114] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5114] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5113] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... mkdirat resumed>) = 0 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... mmap resumed>) = 0x7f1256055000 [pid 5113] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7f12560759e0, 24 [pid 5113] <... clone resumed>, parent_tid=[5115], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5115 [pid 5115] <... set_robust_list resumed>) = 0 [pid 5113] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... rename resumed>) = 0 [pid 5115] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] futex(0x7f125e55f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] exit_group(0 [pid 5115] <... futex resumed>) = ? [pid 5114] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.810782][ T5114] loop0: detected capacity change from 0 to 128 [ 57.822433][ T5114] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.834170][ T5114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555556af45e0, 24) = 0 [pid 5116] chdir("./13") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5116] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5117], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5117 [pid 5116] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5117] munmap(0x7f1256066000, 65536) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file0", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file0") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] open("./file0", O_RDONLY [pid 5116] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... open resumed>) = 4 [pid 5117] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5116] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5117] <... mkdirat resumed>) = 0 [pid 5116] <... mmap resumed>) = 0x7f1256055000 [pid 5117] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE [pid 5117] <... futex resumed>) = 0 [pid 5116] <... mprotect resumed>) = 0 [pid 5117] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5118 [pid 5116] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5118] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5118] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] exit_group(0 [pid 5117] <... futex resumed>) = ? [pid 5116] <... exit_group resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.935948][ T5117] loop0: detected capacity change from 0 to 128 [ 57.946125][ T5117] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 57.958856][ T5117] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x555556af45e0, 24) = 0 [pid 5119] chdir("./14") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5119] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5120 attached , parent_tid=[5120], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5120 [pid 5119] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5120] munmap(0x7f1256066000, 65536) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] open("./file0", O_RDONLY [pid 5119] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... open resumed>) = 4 [pid 5120] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5119] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5119] <... clone resumed>, parent_tid=[5121], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5121 [pid 5119] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5119] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5121] <... rename resumed>) = 0 [pid 5121] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] <... mkdirat resumed>) = 0 [ 58.089200][ T5120] loop0: detected capacity change from 0 to 128 [ 58.101520][ T5120] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 58.112837][ T5120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5121] futex(0x7f125e55f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] exit_group(0) = ? [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x555556af45e0, 24) = 0 [pid 5122] chdir("./15") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5122] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5123 attached , parent_tid=[5123], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5123 [pid 5123] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5123] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5122] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5123] munmap(0x7f1256066000, 65536) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] open("./file0", O_RDONLY [pid 5122] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 4 [pid 5123] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5122] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5122] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE [pid 5123] <... mkdirat resumed>) = 0 [pid 5122] <... mprotect resumed>) = 0 [pid 5123] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5124 attached [pid 5123] <... futex resumed>) = 0 [pid 5124] set_robust_list(0x7f12560759e0, 24 [pid 5123] futex(0x7f125e55f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... clone resumed>, parent_tid=[5124], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5124 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5122] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... rename resumed>) = 0 [pid 5124] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] exit_group(0) = ? [pid 5123] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556af5620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556afd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556afd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556af5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 58.213312][ T5123] loop0: detected capacity change from 0 to 128 [ 58.223419][ T5123] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 58.235021][ T5123] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af45d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555556af45e0, 24) = 0 [pid 5125] chdir("./16") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f125e466000 [pid 5125] mprotect(0x7f125e467000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f125e4863f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7f125e486700, child_tidptr=0x7f125e4869d0) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5125] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] set_robust_list(0x7f125e4869e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1256066000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 5126] munmap(0x7f1256066000, 65536) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "udf", 0, "") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f125e55f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] open("./file0", O_RDONLY) = 4 [pid 5126] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5125] futex(0x7f125e55f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f125e55f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1256055000 [pid 5126] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5125] mprotect(0x7f1256056000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f12560753f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5127], tls=0x7f1256075700, child_tidptr=0x7f12560759d0) = 5127 [pid 5125] futex(0x7f125e55f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f125e55f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x7f12560759e0, 24) = 0 [pid 5127] rename("./file0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5126] <... mkdirat resumed>) = 0 [ 58.319143][ T5126] loop0: detected capacity change from 0 to 128 [ 58.330145][ T5126] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 58.341273][ T5126] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 58.376470][ T5127] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 58.388215][ T5127] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 58.396655][ T5127] CPU: 0 PID: 5127 Comm: syz-executor298 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0 [ 58.406555][ T5127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 58.416612][ T5127] RIP: 0010:udf_fiiter_write_fi+0x14e/0x9d0 [ 58.422535][ T5127] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 1b 08 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 10 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ed 07 00 00 49 8b 44 24 28 48 8d 7b 18 48 89 fa [ 58.442146][ T5127] RSP: 0018:ffffc90003daf818 EFLAGS: 00010206 [ 58.448218][ T5127] RAX: dffffc0000000000 RBX: ffffc90003dafad0 RCX: 0000000000000000 [ 58.456189][ T5127] RDX: 0000000000000005 RSI: ffffffff82deb2c5 RDI: 0000000000000028 [ 58.464161][ T5127] RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000003 [ 58.472131][ T5127] R10: 0000000000000001 R11: 0000000000094001 R12: 0000000000000000 [ 58.480102][ T5127] R13: ffff888072c92e30 R14: ffffc90003dafad0 R15: ffff888072c93498 [ 58.488074][ T5127] FS: 00007f1256075700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.497012][ T5127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.503600][ T5127] CR2: 00007f1256075718 CR3: 00000000204a4000 CR4: 00000000003506f0 [ 58.511579][ T5127] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.519551][ T5127] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.527527][ T5127] Call Trace: [ 58.530806][ T5127] [ 58.533749][ T5127] ? udf_update_tag+0x15a/0x1c0 [ 58.538618][ T5127] udf_rename+0x69d/0xb80 [ 58.542965][ T5127] ? udf_link+0x3f0/0x3f0 [ 58.547328][ T5127] ? rwlock_bug.part.0+0x90/0x90 [ 58.552283][ T5127] ? lock_acquire+0x32/0xc0 [ 58.556796][ T5127] ? lockref_get+0x15/0x50 [ 58.561231][ T5127] ? udf_link+0x3f0/0x3f0 [ 58.565572][ T5127] vfs_rename+0x1162/0x1a90 [ 58.570100][ T5127] ? path_openat+0x2b40/0x2b40 [ 58.574880][ T5127] ? do_raw_spin_unlock+0x175/0x230 [ 58.580099][ T5127] ? bpf_lsm_path_rename+0x9/0x10 [ 58.585138][ T5127] ? security_path_rename+0x158/0x230 [ 58.590521][ T5127] do_renameat2+0xb22/0xc30 [ 58.595037][ T5127] ? __ia32_sys_link+0xa0/0xa0 [ 58.599805][ T5127] ? trace_lock_acquire+0x1f1/0x290 [ 58.605017][ T5127] ? __virt_addr_valid+0x61/0x2e0 [ 58.610058][ T5127] ? __phys_addr_symbol+0x30/0x70 [ 58.615103][ T5127] ? strncpy_from_user+0x28b/0x3c0 [ 58.620235][ T5127] __x64_sys_rename+0x81/0xa0 [ 58.624918][ T5127] do_syscall_64+0x39/0xb0 [ 58.629359][ T5127] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.635269][ T5127] RIP: 0033:0x7f125e4da5b9 [ 58.639691][ T5127] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.659308][ T5127] RSP: 002b:00007f12560752f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 58.667739][ T5127] RAX: ffffffffffffffda RBX: 00007f125e55f7b0 RCX: 00007f125e4da5b9 [pid 5126] futex(0x7f125e55f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5126] <... futex resumed>) = 0 [ 58.675716][ T5127] RDX: 00007f1256075700 RSI: 0000000020000100 RDI: 0000000020000040 [ 58.683689][ T5127] RBP: 0030656c69662f2e R08: 00007f1256075700 R09: 0000000000000000 [ 58.691663][ T5127] R10: 00007f1256075700 R11: 0000000000000246 R12: 00007f125e52c0c0 [ 58.699638][ T5127] R13: 0000000020000580 R14: f6f2cbf92df09e20 R15: 00007f125e55f7b8 [ 58.707619][ T5127] [ 58.710641][ T5127] Modules linked in: [ 58.715107][ T5127] ---[ end trace 0000000000000000 ]--- [ 58.721035][ T5127] RIP: 0010:udf_fiiter_write_fi+0x14e/0x9d0 [ 58.727165][ T5127] Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 1b 08 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 10 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ed 07 00 00 49 8b 44 24 28 48 8d 7b 18 48 89 fa [ 58.747073][ T5127] RSP: 0018:ffffc90003daf818 EFLAGS: 00010206 [ 58.753232][ T5127] RAX: dffffc0000000000 RBX: ffffc90003dafad0 RCX: 0000000000000000 [ 58.761247][ T5127] RDX: 0000000000000005 RSI: ffffffff82deb2c5 RDI: 0000000000000028 [ 58.769262][ T5127] RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000003 [ 58.777277][ T5127] R10: 0000000000000001 R11: 0000000000094001 R12: 0000000000000000 [ 58.785291][ T5127] R13: ffff888072c92e30 R14: ffffc90003dafad0 R15: ffff888072c93498 [ 58.793302][ T5127] FS: 00007f1256075700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.802277][ T5127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.808883][ T5127] CR2: 00007f125e51bc90 CR3: 00000000204a4000 CR4: 00000000003506f0 [ 58.816891][ T5127] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.824924][ T5127] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.833121][ T5127] Kernel panic - not syncing: Fatal exception [ 58.839336][ T5127] Kernel Offset: disabled [ 58.843656][ T5127] Rebooting in 86400 seconds..