./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3547834509 <...> RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6065] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6064] <... openat resumed>) = 6 [pid 6064] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [pid 6063] exit_group(0) = ? [pid 6064] <... futex resumed>) = ? [pid 6064] +++ exited with 0 +++ [pid 6065] <... futex resumed>) = ? [pid 6065] +++ exited with 0 +++ [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./339/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./339/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/bus") = 0 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./339/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6066 attached , child_tidptr=0x5555564f6750) = 6066 [pid 6066] set_robust_list(0x5555564f6760, 24) = 0 [pid 6066] chdir("./340") = 0 [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6066] setpgid(0, 0) = 0 [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6066] write(3, "1000", 4) = 4 [pid 6066] close(3) = 0 [pid 6066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6066] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6067 attached [pid 6067] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6066] <... clone3 resumed> => {parent_tid=[6067]}, 88) = 6067 [pid 6067] <... rseq resumed>) = 0 [pid 6067] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] memfd_create("syzkaller", 0 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... memfd_create resumed>) = 3 [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6067] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6067] close(3) = 0 [pid 6067] mkdir("./bus", 0777) = 0 [pid 6067] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6067] chdir("./bus") = 0 [pid 6067] ioctl(4, LOOP_CLR_FD) = 0 [pid 6067] close(4) = 0 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = 1 [pid 6067] memfd_create("syzkaller", 0 [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6067] <... memfd_create resumed>) = 4 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6067] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6067] munmap(0x7f6d360cf000, 32768) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6067] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6067] ioctl(5, LOOP_CLR_FD) = 0 [pid 6067] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6067] close(5) = 0 [pid 6067] close(4) = 0 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] <... futex resumed>) = 0 [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6067] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... openat resumed>) = 4 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6066] <... futex resumed>) = 0 [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... write resumed>) = 12288 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... mmap resumed>) = 0x20000000 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6066] <... futex resumed>) = 0 [ 124.387068][ T6067] loop0: detected capacity change from 0 to 64 [pid 6067] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6066] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6066] <... futex resumed>) = 0 [pid 6067] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6066] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6066] <... futex resumed>) = 0 [pid 6066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6067] <... openat resumed>) = 6 [pid 6066] <... mmap resumed>) = 0x7f6d360b6000 [pid 6067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6068 attached => {parent_tid=[6068]}, 88) = 6068 [pid 6068] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], [pid 6068] <... rseq resumed>) = 0 [pid 6066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] set_robust_list(0x7f6d360d69a0, 24 [pid 6066] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... set_robust_list resumed>) = 0 [pid 6066] <... futex resumed>) = 0 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], [pid 6066] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6068] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6068] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] exit_group(0 [pid 6068] <... futex resumed>) = ? [pid 6068] +++ exited with 0 +++ [pid 6067] <... futex resumed>) = ? [pid 6066] <... exit_group resumed>) = ? [pid 6067] +++ exited with 0 +++ [pid 6066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6066, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./340/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./340/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/bus") = 0 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./340/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6069 attached , child_tidptr=0x5555564f6750) = 6069 [pid 6069] set_robust_list(0x5555564f6760, 24) = 0 [pid 6069] chdir("./341") = 0 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6069] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6070 attached => {parent_tid=[6070]}, 88) = 6070 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6070] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6070] memfd_create("syzkaller", 0) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6070] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6070] close(3) = 0 [pid 6070] mkdir("./bus", 0777) = 0 [pid 6070] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6070] chdir("./bus") = 0 [pid 6070] ioctl(4, LOOP_CLR_FD) = 0 [pid 6070] close(4) = 0 [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] memfd_create("syzkaller", 0) = 4 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6070] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6070] munmap(0x7f6d360cf000, 32768) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6070] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6070] ioctl(5, LOOP_CLR_FD) = 0 [pid 6070] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6070] close(5) = 0 [pid 6070] close(4) = 0 [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... write resumed>) = 12288 [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... mmap resumed>) = 0x20000000 [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 124.527902][ T6070] loop0: detected capacity change from 0 to 64 [pid 6070] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6069] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6071 attached [pid 6071] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6069] <... clone3 resumed> => {parent_tid=[6071]}, 88) = 6071 [pid 6071] <... rseq resumed>) = 0 [pid 6071] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6071] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] <... futex resumed>) = 0 [pid 6071] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6069] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6071] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6071] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6069] <... futex resumed>) = 0 [pid 6071] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] <... openat resumed>) = 6 [pid 6070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6070] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] exit_group(0 [pid 6071] <... futex resumed>) = ? [pid 6070] <... futex resumed>) = ? [pid 6069] <... exit_group resumed>) = ? [pid 6070] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ [pid 6069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./341/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./341/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/bus") = 0 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./341/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6072 ./strace-static-x86_64: Process 6072 attached [pid 6072] set_robust_list(0x5555564f6760, 24) = 0 [pid 6072] chdir("./342") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6072] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6073 attached [pid 6073] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6073] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6072] <... clone3 resumed> => {parent_tid=[6073]}, 88) = 6073 [pid 6073] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6073] memfd_create("syzkaller", 0 [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] <... memfd_create resumed>) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6073] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] mkdir("./bus", 0777) = 0 [pid 6073] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./bus") = 0 [pid 6073] ioctl(4, LOOP_CLR_FD) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 1 [pid 6073] memfd_create("syzkaller", 0) = 4 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6073] munmap(0x7f6d360cf000, 32768) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6073] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6073] ioctl(5, LOOP_CLR_FD) = 0 [pid 6073] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6073] close(5) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... openat resumed>) = 4 [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6073] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... write resumed>) = 12288 [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6073] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... mmap resumed>) = 0x20000000 [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6072] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6073] <... openat resumed>) = 6 [ 124.659445][ T6073] loop0: detected capacity change from 0 to 64 [pid 6072] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... mprotect resumed>) = 0 [pid 6073] <... futex resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6073] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6074 attached [pid 6074] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6072] <... clone3 resumed> => {parent_tid=[6074]}, 88) = 6074 [pid 6074] <... rseq resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6074] set_robust_list(0x7f6d360d69a0, 24 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6072] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] <... futex resumed>) = 0 [pid 6074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6074] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6074] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] exit_group(0 [pid 6074] <... futex resumed>) = ? [pid 6073] <... futex resumed>) = ? [pid 6072] <... exit_group resumed>) = ? [pid 6074] +++ exited with 0 +++ [pid 6073] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./342/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./342/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/bus") = 0 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./342/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6075 attached , child_tidptr=0x5555564f6750) = 6075 [pid 6075] set_robust_list(0x5555564f6760, 24) = 0 [pid 6075] chdir("./343") = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6075] setpgid(0, 0) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6075] write(3, "1000", 4) = 4 [pid 6075] close(3) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6075] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6076 attached => {parent_tid=[6076]}, 88) = 6076 [pid 6076] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6075] rt_sigprocmask(SIG_SETMASK, [], [pid 6076] <... rseq resumed>) = 0 [pid 6076] set_robust_list(0x7f6d468e79a0, 24 [pid 6075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] <... set_robust_list resumed>) = 0 [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6075] <... futex resumed>) = 0 [pid 6076] memfd_create("syzkaller", 0 [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6076] <... memfd_create resumed>) = 3 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6076] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6076] close(3) = 0 [pid 6076] mkdir("./bus", 0777) = 0 [pid 6076] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6076] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6076] chdir("./bus") = 0 [pid 6076] ioctl(4, LOOP_CLR_FD) = 0 [pid 6076] close(4) = 0 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6076] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = 0 [pid 6075] <... futex resumed>) = 1 [pid 6076] memfd_create("syzkaller", 0) = 4 [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6076] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6076] munmap(0x7f6d360cf000, 32768) = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6076] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6076] ioctl(5, LOOP_CLR_FD) = 0 [pid 6076] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6076] close(5) = 0 [pid 6076] close(4) = 0 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6076] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6075] <... futex resumed>) = 0 [pid 6076] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... openat resumed>) = 4 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = 1 [pid 6076] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... write resumed>) = 12288 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6076] <... futex resumed>) = 1 [pid 6076] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... mmap resumed>) = 0x20000000 [pid 6075] <... futex resumed>) = 0 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... futex resumed>) = 0 [pid 6075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6076] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6075] <... futex resumed>) = 0 [pid 6076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6075] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6076] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6075] <... futex resumed>) = 0 [pid 6076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6075] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6075] <... futex resumed>) = 0 [pid 6075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6076] <... openat resumed>) = 6 [pid 6075] <... mmap resumed>) = 0x7f6d360b6000 [pid 6076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6076] <... futex resumed>) = 0 [pid 6075] <... mprotect resumed>) = 0 [pid 6075] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6076] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6077 attached => {parent_tid=[6077]}, 88) = 6077 [pid 6075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6075] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 124.789041][ T6076] loop0: detected capacity change from 0 to 64 [pid 6075] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6077] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6077] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6077] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] <... futex resumed>) = 0 [pid 6077] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] exit_group(0 [pid 6077] <... futex resumed>) = ? [pid 6076] <... futex resumed>) = ? [pid 6075] <... exit_group resumed>) = ? [pid 6077] +++ exited with 0 +++ [pid 6076] +++ exited with 0 +++ [pid 6075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6075, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./343/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./343/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./343/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/bus") = 0 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./343/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6078 attached , child_tidptr=0x5555564f6750) = 6078 [pid 6078] set_robust_list(0x5555564f6760, 24) = 0 [pid 6078] chdir("./344") = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6078] setpgid(0, 0) = 0 [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6078] write(3, "1000", 4) = 4 [pid 6078] close(3) = 0 [pid 6078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6078] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6079 attached => {parent_tid=[6079]}, 88) = 6079 [pid 6079] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], [pid 6079] <... rseq resumed>) = 0 [pid 6079] set_robust_list(0x7f6d468e79a0, 24 [pid 6078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] <... set_robust_list resumed>) = 0 [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], [pid 6078] <... futex resumed>) = 0 [pid 6079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] memfd_create("syzkaller", 0 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6079] <... memfd_create resumed>) = 3 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6079] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6079] close(3) = 0 [pid 6079] mkdir("./bus", 0777) = 0 [pid 6079] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6079] chdir("./bus") = 0 [pid 6079] ioctl(4, LOOP_CLR_FD) = 0 [pid 6079] close(4) = 0 [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6079] <... futex resumed>) = 1 [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] memfd_create("syzkaller", 0 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6079] <... memfd_create resumed>) = 4 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6079] munmap(0x7f6d360cf000, 32768) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6079] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6079] ioctl(5, LOOP_CLR_FD) = 0 [pid 6079] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6079] close(5) = 0 [pid 6079] close(4) = 0 [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6079] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6079] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 1 [pid 6079] <... futex resumed>) = 0 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6078] <... futex resumed>) = 0 [pid 6079] <... mmap resumed>) = 0x20000000 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6079] <... futex resumed>) = 0 [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6078] <... futex resumed>) = 0 [pid 6079] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6078] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... openat resumed>) = 5 [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6079] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] <... futex resumed>) = 0 [pid 6079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6078] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6078] <... futex resumed>) = 0 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6079] <... openat resumed>) = 6 [pid 6078] <... mmap resumed>) = 0x7f6d360b6000 [pid 6079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6080 attached [pid 6080] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6080] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6080] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... clone3 resumed> => {parent_tid=[6080]}, 88) = 6080 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 124.935021][ T6079] loop0: detected capacity change from 0 to 64 [pid 6078] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6080] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6078] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6080] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6080] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] exit_group(0 [pid 6080] <... futex resumed>) = ? [pid 6079] <... futex resumed>) = ? [pid 6078] <... exit_group resumed>) = ? [pid 6080] +++ exited with 0 +++ [pid 6079] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./344/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./344/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/bus") = 0 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./344/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6081 attached , child_tidptr=0x5555564f6750) = 6081 [pid 6081] set_robust_list(0x5555564f6760, 24) = 0 [pid 6081] chdir("./345") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6081] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6082 attached => {parent_tid=[6082]}, 88) = 6082 [pid 6082] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] <... rseq resumed>) = 0 [pid 6082] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] memfd_create("syzkaller", 0) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6082] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6082] close(3) = 0 [pid 6082] mkdir("./bus", 0777) = 0 [pid 6082] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./bus") = 0 [pid 6082] ioctl(4, LOOP_CLR_FD) = 0 [pid 6082] close(4) = 0 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6082] memfd_create("syzkaller", 0 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] <... memfd_create resumed>) = 4 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6082] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6082] munmap(0x7f6d360cf000, 32768) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6082] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6082] ioctl(5, LOOP_CLR_FD) = 0 [pid 6082] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6082] close(5) = 0 [pid 6082] close(4) = 0 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... openat resumed>) = 4 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6082] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6081] <... futex resumed>) = 1 [pid 6081] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... openat resumed>) = 5 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6081] <... futex resumed>) = 0 [pid 6082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6082] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6081] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... openat resumed>) = 6 [pid 6081] <... futex resumed>) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6082] <... futex resumed>) = 0 [pid 6081] <... mprotect resumed>) = 0 [pid 6082] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 125.064967][ T6082] loop0: detected capacity change from 0 to 64 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6083 attached [pid 6083] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6081] <... clone3 resumed> => {parent_tid=[6083]}, 88) = 6083 [pid 6083] <... rseq resumed>) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] set_robust_list(0x7f6d360d69a0, 24 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] <... set_robust_list resumed>) = 0 [pid 6081] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] <... futex resumed>) = 0 [pid 6083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6083] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6083] <... futex resumed>) = 1 [pid 6083] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] exit_group(0 [pid 6083] <... futex resumed>) = ? [pid 6082] <... futex resumed>) = ? [pid 6083] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ [pid 6081] <... exit_group resumed>) = ? [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./345/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./345/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/bus") = 0 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./345/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6084 attached , child_tidptr=0x5555564f6750) = 6084 [pid 6084] set_robust_list(0x5555564f6760, 24) = 0 [pid 6084] chdir("./346") = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6084] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6085]}, 88) = 6085 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6085 attached [pid 6085] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6085] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6085] memfd_create("syzkaller", 0) = 3 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6085] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6085] close(3) = 0 [pid 6085] mkdir("./bus", 0777) = 0 [pid 6085] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6085] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6085] chdir("./bus") = 0 [pid 6085] ioctl(4, LOOP_CLR_FD) = 0 [pid 6085] close(4) = 0 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6085] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6084] <... futex resumed>) = 0 [pid 6085] memfd_create("syzkaller", 0 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6085] <... memfd_create resumed>) = 4 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6085] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6085] munmap(0x7f6d360cf000, 32768) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6085] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6085] ioctl(5, LOOP_CLR_FD) = 0 [pid 6085] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6085] close(5) = 0 [pid 6085] close(4) = 0 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6085] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... write resumed>) = 12288 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... futex resumed>) = 1 [pid 6085] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... futex resumed>) = 1 [pid 6085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 125.183757][ T6085] loop0: detected capacity change from 0 to 64 [pid 6085] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6084] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... openat resumed>) = 6 [pid 6084] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6085] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6086 attached [pid 6086] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6086] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6086] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... clone3 resumed> => {parent_tid=[6086]}, 88) = 6086 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6084] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6084] <... futex resumed>) = 1 [pid 6086] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6086] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6084] exit_group(0 [pid 6086] <... futex resumed>) = ? [pid 6085] <... futex resumed>) = ? [pid 6084] <... exit_group resumed>) = ? [pid 6086] +++ exited with 0 +++ [pid 6085] +++ exited with 0 +++ [pid 6084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./346/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./346/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/bus") = 0 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./346/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6087 ./strace-static-x86_64: Process 6087 attached [pid 6087] set_robust_list(0x5555564f6760, 24) = 0 [pid 6087] chdir("./347") = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] write(3, "1000", 4) = 4 [pid 6087] close(3) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6087] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6088 attached [pid 6088] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6087] <... clone3 resumed> => {parent_tid=[6088]}, 88) = 6088 [pid 6088] <... rseq resumed>) = 0 [pid 6088] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6087] <... futex resumed>) = 1 [pid 6088] memfd_create("syzkaller", 0 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6088] <... memfd_create resumed>) = 3 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6088] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6088] close(3) = 0 [pid 6088] mkdir("./bus", 0777) = 0 [pid 6088] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6088] chdir("./bus") = 0 [pid 6088] ioctl(4, LOOP_CLR_FD) = 0 [pid 6088] close(4) = 0 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] memfd_create("syzkaller", 0 [pid 6087] <... futex resumed>) = 0 [pid 6088] <... memfd_create resumed>) = 4 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6088] <... mmap resumed>) = 0x7f6d360cf000 [pid 6088] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6088] munmap(0x7f6d360cf000, 32768) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6088] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6088] ioctl(5, LOOP_CLR_FD) = 0 [pid 6088] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6088] close(5) = 0 [pid 6088] close(4) = 0 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6088] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... openat resumed>) = 4 [pid 6087] <... futex resumed>) = 0 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6088] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6088] <... write resumed>) = 12288 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 1 [pid 6088] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6088] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6087] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 125.328730][ T6088] loop0: detected capacity change from 0 to 64 [pid 6088] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6088] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6087] <... futex resumed>) = 0 [pid 6088] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6088] <... openat resumed>) = 6 [pid 6088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... mmap resumed>) = 0x7f6d360b6000 [pid 6088] <... futex resumed>) = 0 [pid 6087] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6088] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] <... mprotect resumed>) = 0 [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6089 attached [pid 6089] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6087] <... clone3 resumed> => {parent_tid=[6089]}, 88) = 6089 [pid 6089] <... rseq resumed>) = 0 [pid 6087] rt_sigprocmask(SIG_SETMASK, [], [pid 6089] set_robust_list(0x7f6d360d69a0, 24 [pid 6087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6089] <... set_robust_list resumed>) = 0 [pid 6087] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], [pid 6087] <... futex resumed>) = 0 [pid 6089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6089] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = 1 [pid 6087] exit_group(0 [pid 6089] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6088] <... futex resumed>) = ? [pid 6089] +++ exited with 0 +++ [pid 6087] <... exit_group resumed>) = ? [pid 6088] +++ exited with 0 +++ [pid 6087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./347/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./347/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/bus") = 0 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./347/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6090 attached , child_tidptr=0x5555564f6750) = 6090 [pid 6090] set_robust_list(0x5555564f6760, 24) = 0 [pid 6090] chdir("./348") = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6090] setpgid(0, 0) = 0 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6090] write(3, "1000", 4) = 4 [pid 6090] close(3) = 0 [pid 6090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6090] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6091 attached [pid 6091] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6090] <... clone3 resumed> => {parent_tid=[6091]}, 88) = 6091 [pid 6091] <... rseq resumed>) = 0 [pid 6091] set_robust_list(0x7f6d468e79a0, 24 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], [pid 6091] <... set_robust_list resumed>) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], [pid 6090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] memfd_create("syzkaller", 0 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6091] <... memfd_create resumed>) = 3 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6091] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6091] close(3) = 0 [pid 6091] mkdir("./bus", 0777) = 0 [pid 6091] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6091] chdir("./bus") = 0 [pid 6091] ioctl(4, LOOP_CLR_FD) = 0 [pid 6091] close(4) = 0 [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 0 [pid 6090] <... futex resumed>) = 1 [pid 6091] memfd_create("syzkaller", 0 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6091] <... memfd_create resumed>) = 4 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6091] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6091] munmap(0x7f6d360cf000, 32768) = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6091] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6091] ioctl(5, LOOP_CLR_FD) = 0 [pid 6091] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6091] close(5) = 0 [pid 6091] close(4) = 0 [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... openat resumed>) = 4 [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... write resumed>) = 12288 [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6091] <... futex resumed>) = 0 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6090] <... futex resumed>) = 0 [pid 6091] <... mmap resumed>) = 0x20000000 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6090] <... futex resumed>) = 0 [pid 6091] <... openat resumed>) = 5 [pid 6090] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6091] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6090] <... mmap resumed>) = 0x7f6d360b6000 [pid 6091] <... openat resumed>) = 6 [pid 6090] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6090] <... clone3 resumed> => {parent_tid=[6092]}, 88) = 6092 [pid 6092] <... rseq resumed>) = 0 [pid 6092] set_robust_list(0x7f6d360d69a0, 24 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] <... set_robust_list resumed>) = 0 [pid 6090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], [pid 6090] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6090] <... futex resumed>) = 0 [pid 6092] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6090] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... futex resumed>) = 0 [pid 6092] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6091] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6092] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6092] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] exit_group(0 [pid 6092] <... futex resumed>) = ? [pid 6091] <... futex resumed>) = ? [pid 6090] <... exit_group resumed>) = ? [ 125.479873][ T6091] loop0: detected capacity change from 0 to 64 [pid 6091] +++ exited with 0 +++ [pid 6092] +++ exited with 0 +++ [pid 6090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6090, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./348/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./348/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/bus") = 0 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./348/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6093 attached , child_tidptr=0x5555564f6750) = 6093 [pid 6093] set_robust_list(0x5555564f6760, 24) = 0 [pid 6093] chdir("./349") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6093] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6094 attached [pid 6094] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6093] <... clone3 resumed> => {parent_tid=[6094]}, 88) = 6094 [pid 6094] set_robust_list(0x7f6d468e79a0, 24 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] <... set_robust_list resumed>) = 0 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] memfd_create("syzkaller", 0 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... memfd_create resumed>) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6094] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] mkdir("./bus", 0777) = 0 [pid 6094] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./bus") = 0 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] memfd_create("syzkaller", 0 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... memfd_create resumed>) = 4 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6094] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6094] munmap(0x7f6d360cf000, 32768) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6094] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6094] ioctl(5, LOOP_CLR_FD) = 0 [pid 6094] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6094] close(5) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... write resumed>) = 12288 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 1 [pid 6094] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6093] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6094] <... openat resumed>) = 6 [pid 6093] <... mmap resumed>) = 0x7f6d360b6000 [pid 6093] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] <... mprotect resumed>) = 0 [pid 6094] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6095 attached [pid 6095] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6093] <... clone3 resumed> => {parent_tid=[6095]}, 88) = 6095 [pid 6095] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6095] rt_sigprocmask(SIG_SETMASK, [], [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6093] <... futex resumed>) = 0 [pid 6095] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6095] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6095] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6095] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] exit_group(0 [pid 6095] <... futex resumed>) = ? [pid 6093] <... exit_group resumed>) = ? [pid 6094] <... futex resumed>) = ? [pid 6095] +++ exited with 0 +++ [pid 6094] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 125.614012][ T6094] loop0: detected capacity change from 0 to 64 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./349/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./349/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/bus") = 0 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./349/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6096 ./strace-static-x86_64: Process 6096 attached [pid 6096] set_robust_list(0x5555564f6760, 24) = 0 [pid 6096] chdir("./350") = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] setpgid(0, 0) = 0 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6096] write(3, "1000", 4) = 4 [pid 6096] close(3) = 0 [pid 6096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6096] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6097 attached [pid 6097] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6097] set_robust_list(0x7f6d468e79a0, 24 [pid 6096] <... clone3 resumed> => {parent_tid=[6097]}, 88) = 6097 [pid 6097] <... set_robust_list resumed>) = 0 [pid 6097] rt_sigprocmask(SIG_SETMASK, [], [pid 6096] rt_sigprocmask(SIG_SETMASK, [], [pid 6097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6097] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6096] <... futex resumed>) = 0 [pid 6097] memfd_create("syzkaller", 0 [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6097] <... memfd_create resumed>) = 3 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6097] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6097] close(3) = 0 [pid 6097] mkdir("./bus", 0777) = 0 [pid 6097] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6097] chdir("./bus") = 0 [pid 6097] ioctl(4, LOOP_CLR_FD) = 0 [pid 6097] close(4) = 0 [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6097] <... futex resumed>) = 0 [pid 6097] memfd_create("syzkaller", 0) = 4 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6097] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6097] munmap(0x7f6d360cf000, 32768) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6097] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6097] ioctl(5, LOOP_CLR_FD) = 0 [pid 6097] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6097] close(5) = 0 [pid 6097] close(4) = 0 [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6097] <... futex resumed>) = 1 [pid 6097] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6096] <... futex resumed>) = 0 [pid 6097] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... openat resumed>) = 4 [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6097] <... futex resumed>) = 1 [pid 6097] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... write resumed>) = 12288 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... futex resumed>) = 1 [pid 6097] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6096] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6097] <... futex resumed>) = 1 [pid 6097] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6096] <... futex resumed>) = 0 [pid 6097] <... openat resumed>) = 6 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6096] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... mprotect resumed>) = 0 [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6098 attached => {parent_tid=[6098]}, 88) = 6098 [pid 6096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6096] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6098] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6098] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6098] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [ 125.747990][ T6097] loop0: detected capacity change from 0 to 64 [pid 6098] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] exit_group(0 [pid 6098] <... futex resumed>) = ? [pid 6097] <... futex resumed>) = ? [pid 6098] +++ exited with 0 +++ [pid 6097] +++ exited with 0 +++ [pid 6096] <... exit_group resumed>) = ? [pid 6096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6096, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./350/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./350/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./350/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/bus") = 0 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./350/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6099 ./strace-static-x86_64: Process 6099 attached [pid 6099] set_robust_list(0x5555564f6760, 24) = 0 [pid 6099] chdir("./351") = 0 [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6099] setpgid(0, 0) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6099] write(3, "1000", 4) = 4 [pid 6099] close(3) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6099] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6100 attached => {parent_tid=[6100]}, 88) = 6100 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6100] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6100] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] memfd_create("syzkaller", 0) = 3 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6100] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6100] close(3) = 0 [pid 6100] mkdir("./bus", 0777) = 0 [pid 6100] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6100] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6100] chdir("./bus") = 0 [pid 6100] ioctl(4, LOOP_CLR_FD) = 0 [pid 6100] close(4) = 0 [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6099] <... futex resumed>) = 1 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6100] memfd_create("syzkaller", 0) = 4 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6100] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6100] munmap(0x7f6d360cf000, 32768) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6100] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6100] ioctl(5, LOOP_CLR_FD) = 0 [pid 6100] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6100] close(5) = 0 [pid 6100] close(4) = 0 [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6099] <... futex resumed>) = 1 [pid 6100] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [ 125.874717][ T6100] loop0: detected capacity change from 0 to 64 [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] <... futex resumed>) = 0 [pid 6100] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... mmap resumed>) = 0x20000000 [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6100] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6099] <... futex resumed>) = 1 [pid 6100] <... openat resumed>) = 5 [pid 6099] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6099] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6100] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6099] <... mprotect resumed>) = 0 [pid 6099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6100] <... openat resumed>) = 6 [pid 6099] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6099] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6101 attached [pid 6100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6101] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6101] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6101] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6101] <... futex resumed>) = 1 [pid 6099] exit_group(0 [pid 6101] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6100] <... futex resumed>) = ? [pid 6101] +++ exited with 0 +++ [pid 6100] +++ exited with 0 +++ [pid 6099] <... exit_group resumed>) = ? [pid 6099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./351/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./351/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./351/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/bus") = 0 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./351/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x5555564f6760, 24) = 0 [pid 6102] chdir("./352") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6102] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6103 attached => {parent_tid=[6103]}, 88) = 6103 [pid 6103] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] set_robust_list(0x7f6d468e79a0, 24 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] <... set_robust_list resumed>) = 0 [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] <... futex resumed>) = 0 [pid 6103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6103] memfd_create("syzkaller", 0) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6103] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] mkdir("./bus", 0777) = 0 [pid 6103] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./bus") = 0 [pid 6103] ioctl(4, LOOP_CLR_FD) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] memfd_create("syzkaller", 0 [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6103] <... memfd_create resumed>) = 4 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6103] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6103] munmap(0x7f6d360cf000, 32768) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6103] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6103] ioctl(5, LOOP_CLR_FD) = 0 [pid 6103] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6103] close(5) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] <... openat resumed>) = 4 [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... futex resumed>) = 1 [pid 6103] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6103] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6102] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6102] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6102] <... futex resumed>) = 0 [pid 6103] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6103] <... openat resumed>) = 6 [pid 6102] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... mprotect resumed>) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6104 attached [pid 6104] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6104] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 126.022323][ T6103] loop0: detected capacity change from 0 to 64 [pid 6104] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... clone3 resumed> => {parent_tid=[6104]}, 88) = 6104 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6102] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6102] <... futex resumed>) = 1 [pid 6104] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6102] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6104] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6104] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] exit_group(0 [pid 6103] <... futex resumed>) = ? [pid 6102] <... exit_group resumed>) = ? [pid 6104] <... futex resumed>) = ? [pid 6104] +++ exited with 0 +++ [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./352/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./352/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/bus") = 0 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./352/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6105 attached , child_tidptr=0x5555564f6750) = 6105 [pid 6105] set_robust_list(0x5555564f6760, 24) = 0 [pid 6105] chdir("./353") = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6105] setpgid(0, 0) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6105] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6106 attached => {parent_tid=[6106]}, 88) = 6106 [pid 6106] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6106] set_robust_list(0x7f6d468e79a0, 24 [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6106] <... set_robust_list resumed>) = 0 [pid 6106] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6106] memfd_create("syzkaller", 0 [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6106] <... memfd_create resumed>) = 3 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6106] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6106] close(3) = 0 [pid 6106] mkdir("./bus", 0777) = 0 [pid 6106] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6106] chdir("./bus") = 0 [pid 6106] ioctl(4, LOOP_CLR_FD) = 0 [pid 6106] close(4) = 0 [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6106] <... futex resumed>) = 1 [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6106] memfd_create("syzkaller", 0) = 4 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6106] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6106] munmap(0x7f6d360cf000, 32768) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6106] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6106] ioctl(5, LOOP_CLR_FD) = 0 [pid 6106] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6106] close(5) = 0 [pid 6106] close(4) = 0 [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] <... futex resumed>) = 1 [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] <... futex resumed>) = 1 [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6106] <... futex resumed>) = 1 [ 126.142131][ T6106] loop0: detected capacity change from 0 to 64 [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6105] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6106] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6105] <... mmap resumed>) = 0x7f6d360b6000 [pid 6105] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6106] <... openat resumed>) = 6 [pid 6105] <... mprotect resumed>) = 0 [pid 6106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6106] <... futex resumed>) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6106] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6107 attached [pid 6105] <... clone3 resumed> => {parent_tid=[6107]}, 88) = 6107 [pid 6107] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6107] <... rseq resumed>) = 0 [pid 6107] set_robust_list(0x7f6d360d69a0, 24 [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6107] <... set_robust_list resumed>) = 0 [pid 6105] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] <... futex resumed>) = 0 [pid 6107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6105] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6107] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6107] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6107] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] exit_group(0 [pid 6106] <... futex resumed>) = ? [pid 6105] <... exit_group resumed>) = ? [pid 6107] <... futex resumed>) = ? [pid 6106] +++ exited with 0 +++ [pid 6107] +++ exited with 0 +++ [pid 6105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./353/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./353/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./353/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/bus") = 0 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./353/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6108 ./strace-static-x86_64: Process 6108 attached [pid 6108] set_robust_list(0x5555564f6760, 24) = 0 [pid 6108] chdir("./354") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6108] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6109 attached [pid 6109] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6108] <... clone3 resumed> => {parent_tid=[6109]}, 88) = 6109 [pid 6109] <... rseq resumed>) = 0 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], [pid 6109] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6109] memfd_create("syzkaller", 0 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6109] <... memfd_create resumed>) = 3 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6109] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] mkdir("./bus", 0777) = 0 [pid 6109] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6109] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6109] chdir("./bus") = 0 [pid 6109] ioctl(4, LOOP_CLR_FD) = 0 [pid 6109] close(4) = 0 [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6109] memfd_create("syzkaller", 0) = 4 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6109] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6109] munmap(0x7f6d360cf000, 32768) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6109] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6109] ioctl(5, LOOP_CLR_FD) = 0 [pid 6109] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6109] close(5) = 0 [pid 6109] close(4) = 0 [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = 1 [pid 6109] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 0 [pid 6109] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6108] <... futex resumed>) = 1 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... mmap resumed>) = 0x20000000 [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6109] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6108] <... futex resumed>) = 0 [pid 6109] <... openat resumed>) = 5 [pid 6108] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6109] <... futex resumed>) = 1 [pid 6108] <... mmap resumed>) = 0x7f6d360b6000 [pid 6109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6109] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6108] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 126.284020][ T6109] loop0: detected capacity change from 0 to 64 [pid 6109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6110 attached [pid 6110] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6108] <... clone3 resumed> => {parent_tid=[6110]}, 88) = 6110 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6110] <... rseq resumed>) = 0 [pid 6108] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] set_robust_list(0x7f6d360d69a0, 24 [pid 6108] <... futex resumed>) = 0 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6110] rt_sigprocmask(SIG_SETMASK, [], [pid 6108] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6110] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6110] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6110] <... futex resumed>) = 1 [pid 6108] exit_group(0 [pid 6110] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... futex resumed>) = ? [pid 6110] <... futex resumed>) = ? [pid 6109] +++ exited with 0 +++ [pid 6108] <... exit_group resumed>) = ? [pid 6110] +++ exited with 0 +++ [pid 6108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./354/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./354/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/bus") = 0 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./354/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6111 attached , child_tidptr=0x5555564f6750) = 6111 [pid 6111] set_robust_list(0x5555564f6760, 24) = 0 [pid 6111] chdir("./355") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6111] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6112 attached [pid 6112] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6111] <... clone3 resumed> => {parent_tid=[6112]}, 88) = 6112 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] <... rseq resumed>) = 0 [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6112] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6112] memfd_create("syzkaller", 0) = 3 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6112] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6112] close(3) = 0 [pid 6112] mkdir("./bus", 0777) = 0 [pid 6112] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6112] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6112] chdir("./bus") = 0 [pid 6112] ioctl(4, LOOP_CLR_FD) = 0 [pid 6112] close(4) = 0 [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 1 [pid 6112] memfd_create("syzkaller", 0 [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6112] <... memfd_create resumed>) = 4 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6112] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6112] munmap(0x7f6d360cf000, 32768) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6112] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6112] ioctl(5, LOOP_CLR_FD) = 0 [pid 6112] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6112] close(5) = 0 [pid 6112] close(4) = 0 [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6111] <... futex resumed>) = 0 [pid 6112] <... openat resumed>) = 4 [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... write resumed>) = 12288 [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6112] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] <... futex resumed>) = 0 [pid 6112] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... mmap resumed>) = 0x20000000 [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6112] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] <... futex resumed>) = 0 [pid 6112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6111] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 126.412259][ T6112] loop0: detected capacity change from 0 to 64 [pid 6112] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6112] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6111] <... futex resumed>) = 0 [pid 6112] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6111] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6112] <... openat resumed>) = 6 [pid 6112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] <... mmap resumed>) = 0x7f6d360b6000 [pid 6112] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6113 attached [pid 6113] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6111] <... clone3 resumed> => {parent_tid=[6113]}, 88) = 6113 [pid 6113] <... rseq resumed>) = 0 [pid 6113] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], [pid 6113] rt_sigprocmask(SIG_SETMASK, [], [pid 6111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6111] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6111] <... futex resumed>) = 0 [pid 6113] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6111] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6113] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] exit_group(0 [pid 6112] <... futex resumed>) = ? [pid 6111] <... exit_group resumed>) = ? [pid 6113] <... futex resumed>) = ? [pid 6113] +++ exited with 0 +++ [pid 6112] +++ exited with 0 +++ [pid 6111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./355/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./355/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/bus") = 0 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./355/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6114 attached , child_tidptr=0x5555564f6750) = 6114 [pid 6114] set_robust_list(0x5555564f6760, 24) = 0 [pid 6114] chdir("./356") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6114] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6115 attached => {parent_tid=[6115]}, 88) = 6115 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6115] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6115] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] mkdir("./bus", 0777) = 0 [pid 6115] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./bus") = 0 [pid 6115] ioctl(4, LOOP_CLR_FD) = 0 [pid 6115] close(4) = 0 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 6115] memfd_create("syzkaller", 0 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] <... memfd_create resumed>) = 4 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6115] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6115] munmap(0x7f6d360cf000, 32768) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6115] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6115] ioctl(5, LOOP_CLR_FD) = 0 [pid 6115] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6115] close(5) = 0 [pid 6115] close(4) = 0 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6115] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [ 126.558918][ T6115] loop0: detected capacity change from 0 to 64 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6115] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 6114] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6115] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6114] <... futex resumed>) = 0 [pid 6115] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6114] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... openat resumed>) = 6 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6115] <... futex resumed>) = 0 [pid 6115] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... mmap resumed>) = 0x7f6d360b6000 [pid 6114] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6116 attached [pid 6116] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6116]}, 88) = 6116 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6114] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6116] <... rseq resumed>) = 0 [pid 6116] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6116] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6116] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6116] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] exit_group(0 [pid 6116] <... futex resumed>) = ? [pid 6116] +++ exited with 0 +++ [pid 6115] <... futex resumed>) = ? [pid 6114] <... exit_group resumed>) = ? [pid 6115] +++ exited with 0 +++ [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./356/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./356/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/bus") = 0 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./356/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6117 ./strace-static-x86_64: Process 6117 attached [pid 6117] set_robust_list(0x5555564f6760, 24) = 0 [pid 6117] chdir("./357") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6117] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6118 attached [pid 6118] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6118] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6118] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] <... clone3 resumed> => {parent_tid=[6118]}, 88) = 6118 [pid 6117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6118] <... futex resumed>) = 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6118] memfd_create("syzkaller", 0) = 3 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6118] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6118] close(3) = 0 [pid 6118] mkdir("./bus", 0777) = 0 [pid 6118] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6118] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6118] chdir("./bus") = 0 [pid 6118] ioctl(4, LOOP_CLR_FD) = 0 [pid 6118] close(4) = 0 [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] memfd_create("syzkaller", 0) = 4 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6118] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6118] munmap(0x7f6d360cf000, 32768) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6118] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6118] ioctl(5, LOOP_CLR_FD) = 0 [pid 6118] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6118] close(5) = 0 [pid 6118] close(4) = 0 [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [pid 6118] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... futex resumed>) = 1 [pid 6118] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... mmap resumed>) = 0x20000000 [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] <... futex resumed>) = 0 [pid 6118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6117] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6117] <... futex resumed>) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6118] <... openat resumed>) = 6 [pid 6117] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... mprotect resumed>) = 0 [ 126.717536][ T6118] loop0: detected capacity change from 0 to 64 [pid 6118] <... futex resumed>) = 0 [pid 6118] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6119 attached [pid 6119] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6119] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6119] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] <... clone3 resumed> => {parent_tid=[6119]}, 88) = 6119 [pid 6117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6117] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6117] <... futex resumed>) = 1 [pid 6119] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6117] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6119] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] exit_group(0 [pid 6119] <... futex resumed>) = ? [pid 6118] <... futex resumed>) = ? [pid 6117] <... exit_group resumed>) = ? [pid 6119] +++ exited with 0 +++ [pid 6118] +++ exited with 0 +++ [pid 6117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./357/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./357/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/bus") = 0 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./357/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6120 attached , child_tidptr=0x5555564f6750) = 6120 [pid 6120] set_robust_list(0x5555564f6760, 24) = 0 [pid 6120] chdir("./358") = 0 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6120] write(3, "1000", 4) = 4 [pid 6120] close(3) = 0 [pid 6120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6120] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6121 attached [pid 6121] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6120] <... clone3 resumed> => {parent_tid=[6121]}, 88) = 6121 [pid 6121] <... rseq resumed>) = 0 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], [pid 6121] set_robust_list(0x7f6d468e79a0, 24 [pid 6120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6121] <... set_robust_list resumed>) = 0 [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], [pid 6120] <... futex resumed>) = 0 [pid 6121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6121] memfd_create("syzkaller", 0) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6121] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6121] close(3) = 0 [pid 6121] mkdir("./bus", 0777) = 0 [pid 6121] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6121] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6121] chdir("./bus") = 0 [pid 6121] ioctl(4, LOOP_CLR_FD) = 0 [pid 6121] close(4) = 0 [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6121] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6120] <... futex resumed>) = 0 [pid 6121] memfd_create("syzkaller", 0 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6121] <... memfd_create resumed>) = 4 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6121] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6121] munmap(0x7f6d360cf000, 32768) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6121] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6121] ioctl(5, LOOP_CLR_FD) = 0 [pid 6121] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6121] close(5) = 0 [pid 6121] close(4) = 0 [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... futex resumed>) = 1 [pid 6121] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... futex resumed>) = 1 [pid 6121] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... futex resumed>) = 1 [pid 6121] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 0 [pid 6121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6121] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6120] <... futex resumed>) = 1 [pid 6120] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6121] <... futex resumed>) = 1 [pid 6121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6121] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6120] <... mmap resumed>) = 0x7f6d360b6000 [pid 6120] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6121] <... futex resumed>) = 0 [pid 6121] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6122 attached [pid 6122] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6120] <... clone3 resumed> => {parent_tid=[6122]}, 88) = 6122 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] <... rseq resumed>) = 0 [pid 6120] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6122] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6122] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] <... futex resumed>) = 0 [pid 6120] exit_group(0 [pid 6122] <... futex resumed>) = ? [pid 6121] <... futex resumed>) = ? [pid 6120] <... exit_group resumed>) = ? [pid 6122] +++ exited with 0 +++ [pid 6121] +++ exited with 0 +++ [pid 6120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 126.849381][ T6121] loop0: detected capacity change from 0 to 64 umount2("./358/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./358/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/bus") = 0 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./358/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6123 attached , child_tidptr=0x5555564f6750) = 6123 [pid 6123] set_robust_list(0x5555564f6760, 24) = 0 [pid 6123] chdir("./359") = 0 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6123] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6124 attached [pid 6124] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6123] <... clone3 resumed> => {parent_tid=[6124]}, 88) = 6124 [pid 6124] <... rseq resumed>) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] set_robust_list(0x7f6d468e79a0, 24 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] <... set_robust_list resumed>) = 0 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] <... futex resumed>) = 0 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6124] memfd_create("syzkaller", 0) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6124] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6124] close(3) = 0 [pid 6124] mkdir("./bus", 0777) = 0 [pid 6124] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./bus") = 0 [pid 6124] ioctl(4, LOOP_CLR_FD) = 0 [pid 6124] close(4) = 0 [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] memfd_create("syzkaller", 0 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6124] <... memfd_create resumed>) = 4 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6124] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6124] munmap(0x7f6d360cf000, 32768) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6124] ioctl(5, LOOP_CLR_FD) = 0 [pid 6124] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6124] close(5) = 0 [pid 6124] close(4) = 0 [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6124] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] <... write resumed>) = 12288 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... futex resumed>) = 1 [ 126.963491][ T6124] loop0: detected capacity change from 0 to 64 [pid 6124] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... futex resumed>) = 1 [pid 6124] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6124] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6123] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] <... futex resumed>) = 1 [pid 6124] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6124] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] <... openat resumed>) = 6 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6125 attached [pid 6125] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6123] <... clone3 resumed> => {parent_tid=[6125]}, 88) = 6125 [pid 6125] <... rseq resumed>) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6125] set_robust_list(0x7f6d360d69a0, 24 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6125] <... set_robust_list resumed>) = 0 [pid 6124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] <... futex resumed>) = 0 [pid 6125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6124] <... futex resumed>) = 0 [pid 6125] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6124] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6125] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6125] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] exit_group(0 [pid 6124] <... futex resumed>) = ? [pid 6125] <... futex resumed>) = ? [pid 6123] <... exit_group resumed>) = ? [pid 6124] +++ exited with 0 +++ [pid 6125] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./359/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./359/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/bus") = 0 umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./359/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6126 attached , child_tidptr=0x5555564f6750) = 6126 [pid 6126] set_robust_list(0x5555564f6760, 24) = 0 [pid 6126] chdir("./360") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6126] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6127 attached => {parent_tid=[6127]}, 88) = 6127 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6127] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... rseq resumed>) = 0 [pid 6127] set_robust_list(0x7f6d468e79a0, 24 [pid 6126] <... futex resumed>) = 0 [pid 6127] <... set_robust_list resumed>) = 0 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6127] memfd_create("syzkaller", 0) = 3 [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6127] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6127] close(3) = 0 [pid 6127] mkdir("./bus", 0777) = 0 [pid 6127] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6127] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6127] chdir("./bus") = 0 [pid 6127] ioctl(4, LOOP_CLR_FD) = 0 [pid 6127] close(4) = 0 [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... futex resumed>) = 0 [pid 6127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] memfd_create("syzkaller", 0 [pid 6126] <... futex resumed>) = 0 [pid 6127] <... memfd_create resumed>) = 4 [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6127] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6127] munmap(0x7f6d360cf000, 32768) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6127] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6127] ioctl(5, LOOP_CLR_FD) = 0 [pid 6127] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6127] close(5) = 0 [pid 6127] close(4) = 0 [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6127] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... openat resumed>) = 4 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6126] <... futex resumed>) = 0 [pid 6127] <... write resumed>) = 12288 [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 127.118125][ T6127] loop0: detected capacity change from 0 to 64 [pid 6127] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6126] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6126] <... futex resumed>) = 0 [pid 6127] <... openat resumed>) = 6 [pid 6126] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6128 attached => {parent_tid=[6128]}, 88) = 6128 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6126] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6128] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6128] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6128] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... futex resumed>) = 0 [pid 6126] exit_group(0) = ? [pid 6128] <... futex resumed>) = ? [pid 6127] <... futex resumed>) = ? [pid 6128] +++ exited with 0 +++ [pid 6127] +++ exited with 0 +++ [pid 6126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./360/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./360/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./360/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/bus") = 0 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./360/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6129 ./strace-static-x86_64: Process 6129 attached [pid 6129] set_robust_list(0x5555564f6760, 24) = 0 [pid 6129] chdir("./361") = 0 [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0) = 0 [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6129] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6130 attached => {parent_tid=[6130]}, 88) = 6130 [pid 6130] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], [pid 6130] <... rseq resumed>) = 0 [pid 6129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6130] set_robust_list(0x7f6d468e79a0, 24 [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6130] <... set_robust_list resumed>) = 0 [pid 6130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6130] memfd_create("syzkaller", 0) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6130] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6130] close(3) = 0 [pid 6130] mkdir("./bus", 0777) = 0 [pid 6130] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6130] chdir("./bus") = 0 [pid 6130] ioctl(4, LOOP_CLR_FD) = 0 [pid 6130] close(4) = 0 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] memfd_create("syzkaller", 0 [pid 6129] <... futex resumed>) = 0 [pid 6130] <... memfd_create resumed>) = 4 [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6130] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6130] munmap(0x7f6d360cf000, 32768) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6130] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6130] ioctl(5, LOOP_CLR_FD) = 0 [pid 6130] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6130] close(5) = 0 [pid 6130] close(4) = 0 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6130] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... openat resumed>) = 4 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... write resumed>) = 12288 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6130] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... mmap resumed>) = 0x20000000 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6129] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6129] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6129] <... futex resumed>) = 0 [pid 6130] <... openat resumed>) = 6 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6130] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... mmap resumed>) = 0x7f6d360b6000 [pid 6129] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6131 attached => {parent_tid=[6131]}, 88) = 6131 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6129] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 127.268367][ T6130] loop0: detected capacity change from 0 to 64 [pid 6129] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6131] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6131] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6131] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6131] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6131] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] exit_group(0 [pid 6131] <... futex resumed>) = ? [pid 6130] <... futex resumed>) = ? [pid 6129] <... exit_group resumed>) = ? [pid 6131] +++ exited with 0 +++ [pid 6130] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6129, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./361/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./361/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/bus") = 0 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./361/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6132 attached , child_tidptr=0x5555564f6750) = 6132 [pid 6132] set_robust_list(0x5555564f6760, 24) = 0 [pid 6132] chdir("./362") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6132] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6132] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 6133] set_robust_list(0x7f6d468e79a0, 24 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], [pid 6133] <... set_robust_list resumed>) = 0 [pid 6132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6132] <... futex resumed>) = 0 [pid 6133] memfd_create("syzkaller", 0 [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6133] <... memfd_create resumed>) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6133] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6133] close(3) = 0 [pid 6133] mkdir("./bus", 0777) = 0 [pid 6133] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6133] chdir("./bus") = 0 [pid 6133] ioctl(4, LOOP_CLR_FD) = 0 [pid 6133] close(4) = 0 [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... futex resumed>) = 0 [pid 6133] memfd_create("syzkaller", 0 [pid 6132] <... futex resumed>) = 1 [pid 6133] <... memfd_create resumed>) = 4 [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6133] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6133] munmap(0x7f6d360cf000, 32768) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6133] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6133] ioctl(5, LOOP_CLR_FD) = 0 [pid 6133] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6133] close(5) = 0 [pid 6133] close(4) = 0 [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6133] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... openat resumed>) = 4 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6133] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] <... futex resumed>) = 0 [pid 6133] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... write resumed>) = 12288 [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... mmap resumed>) = 0x20000000 [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] <... futex resumed>) = 0 [pid 6133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6132] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6132] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6132] <... futex resumed>) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6133] <... futex resumed>) = 0 [pid 6132] <... mprotect resumed>) = 0 [pid 6133] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6134]}, 88) = 6134 ./strace-static-x86_64: Process 6134 attached [ 127.406789][ T6133] loop0: detected capacity change from 0 to 64 [pid 6134] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], [pid 6134] <... rseq resumed>) = 0 [pid 6132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6134] set_robust_list(0x7f6d360d69a0, 24 [pid 6132] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... set_robust_list resumed>) = 0 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6134] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6134] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] exit_group(0 [pid 6134] <... futex resumed>) = ? [pid 6133] <... futex resumed>) = ? [pid 6132] <... exit_group resumed>) = ? [pid 6134] +++ exited with 0 +++ [pid 6133] +++ exited with 0 +++ [pid 6132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./362/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./362/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/bus") = 0 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./362/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6135 attached , child_tidptr=0x5555564f6750) = 6135 [pid 6135] set_robust_list(0x5555564f6760, 24) = 0 [pid 6135] chdir("./363") = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6135] setpgid(0, 0) = 0 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6135] write(3, "1000", 4) = 4 [pid 6135] close(3) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6135] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6136 attached => {parent_tid=[6136]}, 88) = 6136 [pid 6136] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6136] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] memfd_create("syzkaller", 0) = 3 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6136] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6136] close(3) = 0 [pid 6136] mkdir("./bus", 0777) = 0 [pid 6136] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6136] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6136] chdir("./bus") = 0 [pid 6136] ioctl(4, LOOP_CLR_FD) = 0 [pid 6136] close(4) = 0 [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 1 [pid 6136] memfd_create("syzkaller", 0 [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] <... memfd_create resumed>) = 4 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6136] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6136] munmap(0x7f6d360cf000, 32768) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6136] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6136] ioctl(5, LOOP_CLR_FD) = 0 [pid 6136] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6136] close(5) = 0 [pid 6136] close(4) = 0 [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 1 [pid 6136] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... openat resumed>) = 4 [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] <... futex resumed>) = 0 [pid 6136] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... write resumed>) = 12288 [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] <... futex resumed>) = 1 [pid 6136] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6135] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] <... futex resumed>) = 0 [pid 6136] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6135] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6135] <... futex resumed>) = 0 [ 127.546701][ T6136] loop0: detected capacity change from 0 to 64 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6136] <... openat resumed>) = 6 [pid 6136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... mmap resumed>) = 0x7f6d360b6000 [pid 6135] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6136] <... futex resumed>) = 0 [pid 6136] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... mprotect resumed>) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6137 attached [pid 6137] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6135] <... clone3 resumed> => {parent_tid=[6137]}, 88) = 6137 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... rseq resumed>) = 0 [pid 6137] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6137] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6137] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6137] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] exit_group(0 [pid 6136] <... futex resumed>) = ? [pid 6137] <... futex resumed>) = ? [pid 6136] +++ exited with 0 +++ [pid 6135] <... exit_group resumed>) = ? [pid 6137] +++ exited with 0 +++ [pid 6135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./363/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./363/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/bus") = 0 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./363/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6138 attached , child_tidptr=0x5555564f6750) = 6138 [pid 6138] set_robust_list(0x5555564f6760, 24) = 0 [pid 6138] chdir("./364") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6138] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6139 attached [pid 6139] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6138] <... clone3 resumed> => {parent_tid=[6139]}, 88) = 6139 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6139] <... rseq resumed>) = 0 [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6139] memfd_create("syzkaller", 0) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6139] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] close(3) = 0 [pid 6139] mkdir("./bus", 0777) = 0 [pid 6139] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./bus") = 0 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [pid 6139] close(4) = 0 [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] <... futex resumed>) = 0 [pid 6139] memfd_create("syzkaller", 0) = 4 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6139] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6139] munmap(0x7f6d360cf000, 32768) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6139] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6139] ioctl(5, LOOP_CLR_FD) = 0 [pid 6139] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6139] close(5) = 0 [pid 6139] close(4) = 0 [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6139] <... futex resumed>) = 1 [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6138] <... futex resumed>) = 0 [pid 6139] <... openat resumed>) = 4 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... futex resumed>) = 1 [pid 6139] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6139] <... futex resumed>) = 1 [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6138] <... futex resumed>) = 0 [pid 6139] <... mmap resumed>) = 0x20000000 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6139] <... futex resumed>) = 0 [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6138] <... futex resumed>) = 0 [pid 6139] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6138] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... openat resumed>) = 5 [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6138] <... futex resumed>) = 0 [pid 6139] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6138] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... openat resumed>) = 6 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... mmap resumed>) = 0x7f6d360b6000 [pid 6138] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6140]}, 88) = 6140 ./strace-static-x86_64: Process 6140 attached [pid 6140] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6140] <... rseq resumed>) = 0 [pid 6140] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] <... futex resumed>) = 0 [pid 6140] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6138] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6140] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6140] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] exit_group(0 [pid 6140] <... futex resumed>) = ? [pid 6139] <... futex resumed>) = ? [pid 6138] <... exit_group resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ [pid 6138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./364/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./364/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 [ 127.676447][ T6139] loop0: detected capacity change from 0 to 64 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/bus") = 0 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./364/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6141 ./strace-static-x86_64: Process 6141 attached [pid 6141] set_robust_list(0x5555564f6760, 24) = 0 [pid 6141] chdir("./365") = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6141] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6142 attached => {parent_tid=[6142]}, 88) = 6142 [pid 6142] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6142] <... rseq resumed>) = 0 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6142] set_robust_list(0x7f6d468e79a0, 24 [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... set_robust_list resumed>) = 0 [pid 6141] <... futex resumed>) = 0 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6142] memfd_create("syzkaller", 0) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6142] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6142] close(3) = 0 [pid 6142] mkdir("./bus", 0777) = 0 [pid 6142] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6142] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6142] chdir("./bus") = 0 [pid 6142] ioctl(4, LOOP_CLR_FD) = 0 [pid 6142] close(4) = 0 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6142] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] <... futex resumed>) = 0 [pid 6142] memfd_create("syzkaller", 0 [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6142] <... memfd_create resumed>) = 4 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6142] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6142] munmap(0x7f6d360cf000, 32768) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6142] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6142] ioctl(5, LOOP_CLR_FD) = 0 [pid 6142] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6142] close(5) = 0 [pid 6142] close(4) = 0 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... mmap resumed>) = 0x20000000 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6141] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] <... futex resumed>) = 0 [ 127.774948][ T6142] loop0: detected capacity change from 0 to 64 [pid 6141] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6141] <... futex resumed>) = 0 [pid 6142] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6141] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6142] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... mmap resumed>) = 0x7f6d360b6000 [pid 6141] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6142] <... futex resumed>) = 0 [pid 6141] <... mprotect resumed>) = 0 [pid 6142] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6143 attached [pid 6143] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6143] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] <... clone3 resumed> => {parent_tid=[6143]}, 88) = 6143 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] <... futex resumed>) = 0 [pid 6141] <... futex resumed>) = 1 [pid 6141] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6143] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] exit_group(0 [pid 6143] <... futex resumed>) = ? [pid 6142] <... futex resumed>) = ? [pid 6141] <... exit_group resumed>) = ? [pid 6143] +++ exited with 0 +++ [pid 6142] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./365/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./365/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/bus") = 0 umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./365/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6144 attached [pid 6144] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6144 [pid 6144] chdir("./366") = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6144] write(3, "1000", 4) = 4 [pid 6144] close(3) = 0 [pid 6144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6144] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6145 attached [pid 6145] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6144] <... clone3 resumed> => {parent_tid=[6145]}, 88) = 6145 [pid 6145] <... rseq resumed>) = 0 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6145] memfd_create("syzkaller", 0) = 3 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6145] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6145] close(3) = 0 [pid 6145] mkdir("./bus", 0777) = 0 [pid 6145] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6145] chdir("./bus") = 0 [pid 6145] ioctl(4, LOOP_CLR_FD) = 0 [pid 6145] close(4) = 0 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = 1 [pid 6145] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6145] memfd_create("syzkaller", 0 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6145] <... memfd_create resumed>) = 4 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6145] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6145] munmap(0x7f6d360cf000, 32768) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6145] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6145] ioctl(5, LOOP_CLR_FD) = 0 [pid 6145] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6145] close(5) = 0 [pid 6145] close(4) = 0 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = 1 [pid 6145] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6145] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... openat resumed>) = 4 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... futex resumed>) = 1 [pid 6145] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6145] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6145] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... mmap resumed>) = 0x20000000 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... futex resumed>) = 1 [pid 6145] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6145] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = 1 [pid 6144] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6144] <... futex resumed>) = 0 [pid 6145] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6144] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... openat resumed>) = 6 [pid 6144] <... futex resumed>) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6144] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6146 attached [pid 6146] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6144] <... clone3 resumed> => {parent_tid=[6146]}, 88) = 6146 [pid 6146] set_robust_list(0x7f6d360d69a0, 24 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 6146] <... set_robust_list resumed>) = 0 [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], [pid 6144] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6146] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6144] <... futex resumed>) = 0 [pid 6146] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6144] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] exit_group(0 [pid 6145] <... futex resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6144] <... exit_group resumed>) = ? [pid 6146] <... futex resumed>) = ? [pid 6146] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./366/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 127.905241][ T6145] loop0: detected capacity change from 0 to 64 umount2("./366/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./366/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/bus") = 0 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./366/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6147 attached , child_tidptr=0x5555564f6750) = 6147 [pid 6147] set_robust_list(0x5555564f6760, 24) = 0 [pid 6147] chdir("./367") = 0 [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6147] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6148 attached [pid 6148] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6148] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6147] <... clone3 resumed> => {parent_tid=[6148]}, 88) = 6148 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6148] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6148] close(3) = 0 [pid 6148] mkdir("./bus", 0777) = 0 [pid 6148] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6148] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] chdir("./bus") = 0 [pid 6148] ioctl(4, LOOP_CLR_FD) = 0 [pid 6148] close(4) = 0 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6148] memfd_create("syzkaller", 0 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6148] <... memfd_create resumed>) = 4 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6148] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6148] munmap(0x7f6d360cf000, 32768) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6148] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6148] ioctl(5, LOOP_CLR_FD) = 0 [pid 6148] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6148] close(5) = 0 [pid 6148] close(4) = 0 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6148] <... futex resumed>) = 1 [pid 6148] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6148] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... openat resumed>) = 4 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.022882][ T6148] loop0: detected capacity change from 0 to 64 [pid 6147] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... futex resumed>) = 1 [pid 6148] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6148] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6147] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6147] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6148] <... openat resumed>) = 6 [pid 6147] <... mprotect resumed>) = 0 [pid 6148] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6149 attached => {parent_tid=[6149]}, 88) = 6149 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6147] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6147] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... rseq resumed>) = 0 [pid 6149] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6149] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6149] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6149] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] exit_group(0 [pid 6149] <... futex resumed>) = ? [pid 6148] <... futex resumed>) = ? [pid 6149] +++ exited with 0 +++ [pid 6147] <... exit_group resumed>) = ? [pid 6148] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./367/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./367/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/bus") = 0 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./367/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6150 attached , child_tidptr=0x5555564f6750) = 6150 [pid 6150] set_robust_list(0x5555564f6760, 24) = 0 [pid 6150] chdir("./368") = 0 [pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6150] setpgid(0, 0) = 0 [pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6150] write(3, "1000", 4) = 4 [pid 6150] close(3) = 0 [pid 6150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6150] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6151 attached [pid 6151] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6150] <... clone3 resumed> => {parent_tid=[6151]}, 88) = 6151 [pid 6151] <... rseq resumed>) = 0 [pid 6151] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6150] rt_sigprocmask(SIG_SETMASK, [], [pid 6151] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6150] <... futex resumed>) = 1 [pid 6151] memfd_create("syzkaller", 0 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6151] <... memfd_create resumed>) = 3 [pid 6151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6151] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6151] close(3) = 0 [pid 6151] mkdir("./bus", 0777) = 0 [pid 6151] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6151] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6151] chdir("./bus") = 0 [pid 6151] ioctl(4, LOOP_CLR_FD) = 0 [pid 6151] close(4) = 0 [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] memfd_create("syzkaller", 0 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6151] <... memfd_create resumed>) = 4 [pid 6151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6151] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6151] munmap(0x7f6d360cf000, 32768) = 0 [pid 6151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6151] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6151] ioctl(5, LOOP_CLR_FD) = 0 [pid 6151] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6151] close(5) = 0 [pid 6151] close(4) = 0 [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6151] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6150] <... futex resumed>) = 1 [pid 6151] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... openat resumed>) = 4 [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6151] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6151] <... write resumed>) = 12288 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [ 128.175804][ T6151] loop0: detected capacity change from 0 to 64 [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6151] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... mmap resumed>) = 0x20000000 [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6151] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6151] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6150] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... openat resumed>) = 5 [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6151] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6151] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6150] <... mmap resumed>) = 0x7f6d360b6000 [pid 6151] <... openat resumed>) = 6 [pid 6150] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6151] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... mprotect resumed>) = 0 [pid 6150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6151] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6152 attached [pid 6151] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6150] <... clone3 resumed> => {parent_tid=[6152]}, 88) = 6152 [pid 6152] <... rseq resumed>) = 0 [pid 6150] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] set_robust_list(0x7f6d360d69a0, 24 [pid 6150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] <... set_robust_list resumed>) = 0 [pid 6150] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6150] <... futex resumed>) = 0 [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6150] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6152] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6152] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6152] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] exit_group(0) = ? [pid 6152] <... futex resumed>) = ? [pid 6152] +++ exited with 0 +++ [pid 6151] <... futex resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6150, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./368/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./368/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./368/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/bus") = 0 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./368/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6153 ./strace-static-x86_64: Process 6153 attached [pid 6153] set_robust_list(0x5555564f6760, 24) = 0 [pid 6153] chdir("./369") = 0 [pid 6153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6153] setpgid(0, 0) = 0 [pid 6153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6153] write(3, "1000", 4) = 4 [pid 6153] close(3) = 0 [pid 6153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6153] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6154 attached [pid 6154] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6154] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6154] rt_sigprocmask(SIG_SETMASK, [], [pid 6153] <... clone3 resumed> => {parent_tid=[6154]}, 88) = 6154 [pid 6153] rt_sigprocmask(SIG_SETMASK, [], [pid 6154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6154] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... futex resumed>) = 0 [pid 6153] <... futex resumed>) = 1 [pid 6154] memfd_create("syzkaller", 0) = 3 [pid 6154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6154] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 6154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6154] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6154] close(3) = 0 [pid 6154] mkdir("./bus", 0777) = 0 [pid 6154] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6154] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6154] chdir("./bus") = 0 [pid 6154] ioctl(4, LOOP_CLR_FD) = 0 [pid 6154] close(4) = 0 [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6154] <... futex resumed>) = 1 [pid 6154] memfd_create("syzkaller", 0) = 4 [pid 6154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6154] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6154] munmap(0x7f6d360cf000, 32768) = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6154] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6154] ioctl(5, LOOP_CLR_FD) = 0 [pid 6154] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6154] close(5) = 0 [pid 6154] close(4) = 0 [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] <... futex resumed>) = 0 [pid 6154] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... openat resumed>) = 4 [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... openat resumed>) = 5 [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] <... futex resumed>) = 0 [ 128.322564][ T6154] loop0: detected capacity change from 0 to 64 [pid 6154] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6153] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6153] <... futex resumed>) = 0 [pid 6154] <... openat resumed>) = 6 [pid 6153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6153] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6154] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] <... clone3 resumed> => {parent_tid=[6155]}, 88) = 6155 [pid 6154] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6155 attached NULL, 8) = 0 [pid 6155] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6153] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6155] <... rseq resumed>) = 0 [pid 6153] <... futex resumed>) = 0 [pid 6155] set_robust_list(0x7f6d360d69a0, 24 [pid 6153] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6155] <... set_robust_list resumed>) = 0 [pid 6155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6155] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6155] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = 0 [pid 6155] <... futex resumed>) = 1 [pid 6155] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] exit_group(0 [pid 6154] <... futex resumed>) = ? [pid 6155] <... futex resumed>) = ? [pid 6153] <... exit_group resumed>) = ? [pid 6155] +++ exited with 0 +++ [pid 6154] +++ exited with 0 +++ [pid 6153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6153, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./369/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./369/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/bus") = 0 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./369/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6156 attached , child_tidptr=0x5555564f6750) = 6156 [pid 6156] set_robust_list(0x5555564f6760, 24) = 0 [pid 6156] chdir("./370") = 0 [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6156] setpgid(0, 0) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6156] write(3, "1000", 4) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6156] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6157 attached => {parent_tid=[6157]}, 88) = 6157 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6157] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6157] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6157] memfd_create("syzkaller", 0) = 3 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6157] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6157] close(3) = 0 [pid 6157] mkdir("./bus", 0777) = 0 [pid 6157] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6157] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6157] chdir("./bus") = 0 [pid 6157] ioctl(4, LOOP_CLR_FD) = 0 [pid 6157] close(4) = 0 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6157] memfd_create("syzkaller", 0) = 4 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6157] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6157] munmap(0x7f6d360cf000, 32768) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6157] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6157] ioctl(5, LOOP_CLR_FD) = 0 [pid 6157] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6157] close(5) = 0 [pid 6157] close(4) = 0 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... openat resumed>) = 4 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6156] <... futex resumed>) = 1 [pid 6157] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... write resumed>) = 12288 [ 128.446020][ T6157] loop0: detected capacity change from 0 to 64 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 1 [pid 6157] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6157] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6156] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6156] <... futex resumed>) = 0 [pid 6157] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6156] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... openat resumed>) = 6 [pid 6156] <... futex resumed>) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6157] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6158 attached => {parent_tid=[6158]}, 88) = 6158 [pid 6158] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6156] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... rseq resumed>) = 0 [pid 6158] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6158] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6158] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6158] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] exit_group(0 [pid 6158] <... futex resumed>) = ? [pid 6158] +++ exited with 0 +++ [pid 6157] <... futex resumed>) = ? [pid 6156] <... exit_group resumed>) = ? [pid 6157] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./370/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./370/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/bus") = 0 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./370/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6159 ./strace-static-x86_64: Process 6159 attached [pid 6159] set_robust_list(0x5555564f6760, 24) = 0 [pid 6159] chdir("./371") = 0 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0) = 0 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6159] write(3, "1000", 4) = 4 [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6159] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6160 attached => {parent_tid=[6160]}, 88) = 6160 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6160] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6160] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6160] memfd_create("syzkaller", 0) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6160] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6160] close(3) = 0 [pid 6160] mkdir("./bus", 0777) = 0 [pid 6160] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6160] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./bus") = 0 [pid 6160] ioctl(4, LOOP_CLR_FD) = 0 [pid 6160] close(4) = 0 [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6160] memfd_create("syzkaller", 0) = 4 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6160] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6160] <... write resumed>) = 32768 [pid 6160] munmap(0x7f6d360cf000, 32768) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6160] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6160] ioctl(5, LOOP_CLR_FD) = 0 [pid 6160] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6160] close(5) = 0 [pid 6160] close(4) = 0 [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... futex resumed>) = 1 [pid 6160] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... futex resumed>) = 1 [pid 6160] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... futex resumed>) = 1 [pid 6160] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [ 128.583906][ T6160] loop0: detected capacity change from 0 to 64 [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 1 [pid 6160] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6160] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6159] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... openat resumed>) = 5 [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6160] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6159] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6160] <... openat resumed>) = 6 [pid 6159] <... mprotect resumed>) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6160] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6160] <... futex resumed>) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6160] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6161 attached [pid 6161] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6161] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6161] rt_sigprocmask(SIG_SETMASK, [], [pid 6159] <... clone3 resumed> => {parent_tid=[6161]}, 88) = 6161 [pid 6161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6161] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6159] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] <... futex resumed>) = 0 [pid 6161] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6161] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] exit_group(0) = ? [pid 6161] <... futex resumed>) = ? [pid 6161] +++ exited with 0 +++ [pid 6160] <... futex resumed>) = ? [pid 6160] +++ exited with 0 +++ [pid 6159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./371/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./371/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/bus") = 0 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./371/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6162 attached , child_tidptr=0x5555564f6750) = 6162 [pid 6162] set_robust_list(0x5555564f6760, 24) = 0 [pid 6162] chdir("./372") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6162] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6163 attached => {parent_tid=[6163]}, 88) = 6163 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6163] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6163] <... rseq resumed>) = 0 [pid 6163] set_robust_list(0x7f6d468e79a0, 24 [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... set_robust_list resumed>) = 0 [pid 6163] rt_sigprocmask(SIG_SETMASK, [], [pid 6162] <... futex resumed>) = 0 [pid 6163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6163] memfd_create("syzkaller", 0) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6163] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] mkdir("./bus", 0777) = 0 [pid 6163] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./bus") = 0 [pid 6163] ioctl(4, LOOP_CLR_FD) = 0 [pid 6163] close(4) = 0 [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6163] <... futex resumed>) = 1 [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] memfd_create("syzkaller", 0) = 4 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6163] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6163] munmap(0x7f6d360cf000, 32768) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6163] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6163] ioctl(5, LOOP_CLR_FD) = 0 [pid 6163] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6163] close(5) = 0 [pid 6163] close(4) = 0 [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... openat resumed>) = 4 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... futex resumed>) = 0 [pid 6163] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6163] <... futex resumed>) = 0 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6162] <... futex resumed>) = 0 [pid 6163] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... mmap resumed>) = 0x20000000 [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... futex resumed>) = 1 [pid 6163] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6163] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6163] <... futex resumed>) = 1 [pid 6162] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6162] <... futex resumed>) = 0 [pid 6163] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6162] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... openat resumed>) = 6 [pid 6162] <... futex resumed>) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6162] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6163] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... mprotect resumed>) = 0 [pid 6163] <... futex resumed>) = 0 [pid 6163] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6164]}, 88) = 6164 ./strace-static-x86_64: Process 6164 attached [pid 6164] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6164] <... rseq resumed>) = 0 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6164] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6162] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] rt_sigprocmask(SIG_SETMASK, [], [pid 6162] <... futex resumed>) = 0 [pid 6164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6164] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6164] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6164] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] exit_group(0 [pid 6164] <... futex resumed>) = ? [pid 6163] <... futex resumed>) = ? [pid 6162] <... exit_group resumed>) = ? [pid 6164] +++ exited with 0 +++ [pid 6163] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 128.728957][ T6163] loop0: detected capacity change from 0 to 64 umount2("./372/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./372/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/bus") = 0 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./372/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6165 attached [pid 6165] set_robust_list(0x5555564f6760, 24 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6165 [pid 6165] <... set_robust_list resumed>) = 0 [pid 6165] chdir("./373") = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6165] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6166 attached => {parent_tid=[6166]}, 88) = 6166 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6166] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6166] <... rseq resumed>) = 0 [pid 6166] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6166] memfd_create("syzkaller", 0) = 3 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6166] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6166] close(3) = 0 [pid 6166] mkdir("./bus", 0777) = 0 [pid 6166] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6166] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6166] chdir("./bus") = 0 [pid 6166] ioctl(4, LOOP_CLR_FD) = 0 [pid 6166] close(4) = 0 [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6166] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6166] <... futex resumed>) = 0 [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6166] memfd_create("syzkaller", 0) = 4 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6166] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6166] munmap(0x7f6d360cf000, 32768) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6166] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6166] ioctl(5, LOOP_CLR_FD) = 0 [pid 6166] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6166] close(5) = 0 [pid 6166] close(4) = 0 [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6166] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = 1 [pid 6166] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.854186][ T6166] loop0: detected capacity change from 0 to 64 [pid 6166] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = 1 [pid 6166] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... write resumed>) = 12288 [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6165] <... futex resumed>) = 0 [pid 6166] <... mmap resumed>) = 0x20000000 [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6166] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6166] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6166] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6165] <... futex resumed>) = 0 [pid 6166] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6165] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... openat resumed>) = 6 [pid 6165] <... futex resumed>) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6166] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6166] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... mmap resumed>) = 0x7f6d360b6000 [pid 6165] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6167 attached => {parent_tid=[6167]}, 88) = 6167 [pid 6167] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6167] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6167] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6165] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6165] <... futex resumed>) = 1 [pid 6167] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6165] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6167] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] exit_group(0 [pid 6167] <... futex resumed>) = ? [pid 6165] <... exit_group resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6166] <... futex resumed>) = ? [pid 6166] +++ exited with 0 +++ [pid 6165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./373/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./373/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/bus") = 0 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./373/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6168 attached , child_tidptr=0x5555564f6750) = 6168 [pid 6168] set_robust_list(0x5555564f6760, 24) = 0 [pid 6168] chdir("./374") = 0 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6168] setpgid(0, 0) = 0 [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6168] write(3, "1000", 4) = 4 [pid 6168] close(3) = 0 [pid 6168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6168] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6169]}, 88) = 6169 ./strace-static-x86_64: Process 6169 attached [pid 6168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6169] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6169] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6169] memfd_create("syzkaller", 0) = 3 [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6169] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6169] close(3) = 0 [pid 6169] mkdir("./bus", 0777) = 0 [pid 6169] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6169] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6169] chdir("./bus") = 0 [pid 6169] ioctl(4, LOOP_CLR_FD) = 0 [pid 6169] close(4) = 0 [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6169] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 1 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6169] memfd_create("syzkaller", 0) = 4 [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6169] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6169] munmap(0x7f6d360cf000, 32768) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6169] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6169] ioctl(5, LOOP_CLR_FD) = 0 [pid 6169] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6169] close(5) = 0 [pid 6169] close(4) = 0 [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6169] <... futex resumed>) = 1 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] <... openat resumed>) = 4 [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] <... futex resumed>) = 1 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6169] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] <... mmap resumed>) = 0x20000000 [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6169] <... futex resumed>) = 1 [pid 6168] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6168] <... futex resumed>) = 0 [pid 6169] <... openat resumed>) = 6 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6168] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6169] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... mprotect resumed>) = 0 [pid 6169] <... futex resumed>) = 0 [ 129.007098][ T6169] loop0: detected capacity change from 0 to 64 [pid 6169] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6170 attached => {parent_tid=[6170]}, 88) = 6170 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6168] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6170] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6170] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6170] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6170] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] exit_group(0) = ? [pid 6169] <... futex resumed>) = ? [pid 6170] <... futex resumed>) = ? [pid 6170] +++ exited with 0 +++ [pid 6169] +++ exited with 0 +++ [pid 6168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6168, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./374/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./374/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/bus") = 0 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./374/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6171 attached , child_tidptr=0x5555564f6750) = 6171 [pid 6171] set_robust_list(0x5555564f6760, 24) = 0 [pid 6171] chdir("./375") = 0 [pid 6171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6171] setpgid(0, 0) = 0 [pid 6171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6171] write(3, "1000", 4) = 4 [pid 6171] close(3) = 0 [pid 6171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6171] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6172]}, 88) = 6172 ./strace-static-x86_64: Process 6172 attached [pid 6171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6172] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6172] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6172] memfd_create("syzkaller", 0) = 3 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6172] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] mkdir("./bus", 0777) = 0 [pid 6172] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6172] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./bus") = 0 [pid 6172] ioctl(4, LOOP_CLR_FD) = 0 [pid 6172] close(4) = 0 [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6172] memfd_create("syzkaller", 0) = 4 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6172] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6172] munmap(0x7f6d360cf000, 32768) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6172] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6172] ioctl(5, LOOP_CLR_FD) = 0 [pid 6172] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6172] close(5) = 0 [pid 6172] close(4) = 0 [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... openat resumed>) = 4 [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6171] <... futex resumed>) = 0 [pid 6172] <... write resumed>) = 12288 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] <... futex resumed>) = 0 [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6171] <... futex resumed>) = 0 [pid 6172] <... mmap resumed>) = 0x20000000 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] <... futex resumed>) = 0 [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6171] <... futex resumed>) = 0 [pid 6172] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6171] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... openat resumed>) = 5 [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] <... futex resumed>) = 0 [pid 6172] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6172] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6171] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6172] <... openat resumed>) = 6 [pid 6171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6172] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... clone3 resumed> => {parent_tid=[6173]}, 88) = 6173 [pid 6171] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6173 attached [pid 6172] <... futex resumed>) = 0 [pid 6173] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6172] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6173] <... rseq resumed>) = 0 [pid 6173] set_robust_list(0x7f6d360d69a0, 24 [pid 6171] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... set_robust_list resumed>) = 0 [pid 6171] <... futex resumed>) = 0 [pid 6173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6171] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6173] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] <... futex resumed>) = 0 [pid 6171] exit_group(0) = ? [pid 6173] <... futex resumed>) = ? [pid 6172] <... futex resumed>) = ? [pid 6173] +++ exited with 0 +++ [ 129.127196][ T6172] loop0: detected capacity change from 0 to 64 [pid 6172] +++ exited with 0 +++ [pid 6171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6171, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./375/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./375/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/bus") = 0 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./375/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6174 attached [pid 6174] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6174 [pid 6174] chdir("./376") = 0 [pid 6174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6174] setpgid(0, 0) = 0 [pid 6174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6174] write(3, "1000", 4) = 4 [pid 6174] close(3) = 0 [pid 6174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6174] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6175 attached [pid 6175] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6174] <... clone3 resumed> => {parent_tid=[6175]}, 88) = 6175 [pid 6175] <... rseq resumed>) = 0 [pid 6175] set_robust_list(0x7f6d468e79a0, 24 [pid 6174] rt_sigprocmask(SIG_SETMASK, [], [pid 6175] <... set_robust_list resumed>) = 0 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], [pid 6174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] memfd_create("syzkaller", 0 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6175] <... memfd_create resumed>) = 3 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6175] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6175] close(3) = 0 [pid 6175] mkdir("./bus", 0777) = 0 [pid 6175] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6175] chdir("./bus") = 0 [pid 6175] ioctl(4, LOOP_CLR_FD) = 0 [pid 6175] close(4) = 0 [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6175] <... futex resumed>) = 1 [pid 6175] memfd_create("syzkaller", 0) = 4 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6175] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6175] munmap(0x7f6d360cf000, 32768) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6175] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6175] ioctl(5, LOOP_CLR_FD) = 0 [pid 6175] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6175] close(5) = 0 [pid 6175] close(4) = 0 [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6175] <... futex resumed>) = 1 [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6174] <... futex resumed>) = 0 [pid 6175] <... openat resumed>) = 4 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... futex resumed>) = 1 [pid 6175] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... futex resumed>) = 1 [pid 6175] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... futex resumed>) = 1 [pid 6175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6175] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6174] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6175] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6175] <... openat resumed>) = 6 [pid 6174] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6175] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6176 attached [pid 6175] <... futex resumed>) = 0 [pid 6176] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6174] <... clone3 resumed> => {parent_tid=[6176]}, 88) = 6176 [pid 6176] <... rseq resumed>) = 0 [pid 6174] rt_sigprocmask(SIG_SETMASK, [], [pid 6176] set_robust_list(0x7f6d360d69a0, 24 [pid 6174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6176] <... set_robust_list resumed>) = 0 [pid 6174] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], [pid 6174] <... futex resumed>) = 0 [pid 6176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6174] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6175] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6176] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 129.251145][ T6175] loop0: detected capacity change from 0 to 64 [pid 6176] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] <... futex resumed>) = 0 [pid 6174] exit_group(0 [pid 6176] <... futex resumed>) = ? [pid 6175] <... futex resumed>) = ? [pid 6174] <... exit_group resumed>) = ? [pid 6176] +++ exited with 0 +++ [pid 6175] +++ exited with 0 +++ [pid 6174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6174, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./376/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./376/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/bus") = 0 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./376/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6177 attached , child_tidptr=0x5555564f6750) = 6177 [pid 6177] set_robust_list(0x5555564f6760, 24) = 0 [pid 6177] chdir("./377") = 0 [pid 6177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6177] setpgid(0, 0) = 0 [pid 6177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6177] write(3, "1000", 4) = 4 [pid 6177] close(3) = 0 [pid 6177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6177] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6178 attached => {parent_tid=[6178]}, 88) = 6178 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6178] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6178] memfd_create("syzkaller", 0) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6178] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] close(3) = 0 [pid 6178] mkdir("./bus", 0777) = 0 [pid 6178] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6178] chdir("./bus") = 0 [pid 6178] ioctl(4, LOOP_CLR_FD) = 0 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6178] memfd_create("syzkaller", 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6178] <... memfd_create resumed>) = 4 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6178] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6178] munmap(0x7f6d360cf000, 32768) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6178] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6178] ioctl(5, LOOP_CLR_FD) = 0 [pid 6178] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6178] close(5) = 0 [ 129.402606][ T6178] loop0: detected capacity change from 0 to 64 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] <... futex resumed>) = 0 [pid 6178] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6178] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... mmap resumed>) = 0x20000000 [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6178] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6177] <... mmap resumed>) = 0x7f6d360b6000 [pid 6177] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6178] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6177] <... mprotect resumed>) = 0 [pid 6177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6179 attached [pid 6179] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6177] <... clone3 resumed> => {parent_tid=[6179]}, 88) = 6179 [pid 6179] <... rseq resumed>) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6179] set_robust_list(0x7f6d360d69a0, 24 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6179] <... set_robust_list resumed>) = 0 [pid 6179] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6179] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6177] <... futex resumed>) = 0 [pid 6179] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6177] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6179] <... futex resumed>) = 1 [pid 6179] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] <... openat resumed>) = 6 [pid 6178] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] exit_group(0 [pid 6179] <... futex resumed>) = ? [pid 6178] <... futex resumed>) = ? [pid 6177] <... exit_group resumed>) = ? [pid 6178] +++ exited with 0 +++ [pid 6179] +++ exited with 0 +++ [pid 6177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6177, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./377/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./377/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/bus") = 0 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./377/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6180 attached [pid 6180] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6180 [pid 6180] chdir("./378") = 0 [pid 6180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6180] setpgid(0, 0) = 0 [pid 6180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6180] write(3, "1000", 4) = 4 [pid 6180] close(3) = 0 [pid 6180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6180] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6180] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6181 attached [pid 6181] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6180] <... clone3 resumed> => {parent_tid=[6181]}, 88) = 6181 [pid 6181] <... rseq resumed>) = 0 [pid 6180] rt_sigprocmask(SIG_SETMASK, [], [pid 6181] set_robust_list(0x7f6d468e79a0, 24 [pid 6180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6181] <... set_robust_list resumed>) = 0 [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] rt_sigprocmask(SIG_SETMASK, [], [pid 6180] <... futex resumed>) = 0 [pid 6181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6181] memfd_create("syzkaller", 0 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6181] <... memfd_create resumed>) = 3 [pid 6181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6181] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6181] close(3) = 0 [pid 6181] mkdir("./bus", 0777) = 0 [pid 6181] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6181] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6181] chdir("./bus") = 0 [pid 6181] ioctl(4, LOOP_CLR_FD) = 0 [pid 6181] close(4) = 0 [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = 1 [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] memfd_create("syzkaller", 0 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... memfd_create resumed>) = 4 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6181] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6181] munmap(0x7f6d360cf000, 32768) = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6181] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6181] ioctl(5, LOOP_CLR_FD) = 0 [pid 6181] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6181] close(5) = 0 [pid 6181] close(4) = 0 [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6181] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6181] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... openat resumed>) = 4 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = 1 [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... write resumed>) = 12288 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6181] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... mmap resumed>) = 0x20000000 [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6181] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = 0 [pid 6181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6181] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6180] <... futex resumed>) = 1 [pid 6181] <... openat resumed>) = 5 [ 129.527896][ T6181] loop0: detected capacity change from 0 to 64 [pid 6180] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] <... futex resumed>) = 1 [pid 6180] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6180] <... futex resumed>) = 0 [pid 6180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6181] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6180] <... mmap resumed>) = 0x7f6d360b6000 [pid 6180] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6181] <... openat resumed>) = 6 [pid 6181] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6181] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] <... mprotect resumed>) = 0 [pid 6180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6182]}, 88) = 6182 [pid 6180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6180] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6182 attached [pid 6180] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6182] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6182] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6182] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6182] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] exit_group(0) = ? [pid 6182] <... futex resumed>) = ? [pid 6181] <... futex resumed>) = ? [pid 6182] +++ exited with 0 +++ [pid 6181] +++ exited with 0 +++ [pid 6180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6180, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./378/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./378/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/bus") = 0 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./378/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6183 attached , child_tidptr=0x5555564f6750) = 6183 [pid 6183] set_robust_list(0x5555564f6760, 24) = 0 [pid 6183] chdir("./379") = 0 [pid 6183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6183] setpgid(0, 0) = 0 [pid 6183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6183] write(3, "1000", 4) = 4 [pid 6183] close(3) = 0 [pid 6183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6183] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6184 attached => {parent_tid=[6184]}, 88) = 6184 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], [pid 6184] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6184] <... rseq resumed>) = 0 [pid 6184] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6184] memfd_create("syzkaller", 0) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6184] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] mkdir("./bus", 0777) = 0 [pid 6184] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6184] chdir("./bus") = 0 [pid 6184] ioctl(4, LOOP_CLR_FD) = 0 [pid 6184] close(4) = 0 [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6184] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6184] <... futex resumed>) = 0 [pid 6184] memfd_create("syzkaller", 0) = 4 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6184] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6184] munmap(0x7f6d360cf000, 32768) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6184] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6184] ioctl(5, LOOP_CLR_FD) = 0 [pid 6184] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6184] close(5) = 0 [pid 6184] close(4) = 0 [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... write resumed>) = 12288 [ 129.655424][ T6184] loop0: detected capacity change from 0 to 64 [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... mmap resumed>) = 0x20000000 [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6183] <... futex resumed>) = 0 [pid 6184] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6183] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... openat resumed>) = 5 [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6183] <... futex resumed>) = 0 [pid 6184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6183] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6183] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6184] <... openat resumed>) = 6 [pid 6183] <... mprotect resumed>) = 0 [pid 6183] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6184] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6184] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6185 attached [pid 6184] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6183] <... clone3 resumed> => {parent_tid=[6185]}, 88) = 6185 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], [pid 6185] <... rseq resumed>) = 0 [pid 6183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6185] set_robust_list(0x7f6d360d69a0, 24 [pid 6183] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] <... set_robust_list resumed>) = 0 [pid 6183] <... futex resumed>) = 0 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6183] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6185] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6185] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = 1 [pid 6183] exit_group(0 [pid 6185] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6185] +++ exited with 0 +++ [pid 6184] <... futex resumed>) = ? [pid 6183] <... exit_group resumed>) = ? [pid 6184] +++ exited with 0 +++ [pid 6183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6183, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./379/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./379/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/bus") = 0 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./379/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6186 attached , child_tidptr=0x5555564f6750) = 6186 [pid 6186] set_robust_list(0x5555564f6760, 24) = 0 [pid 6186] chdir("./380") = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6186] setpgid(0, 0) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6186] write(3, "1000", 4) = 4 [pid 6186] close(3) = 0 [pid 6186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6186] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6187 attached [pid 6187] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6186] <... clone3 resumed> => {parent_tid=[6187]}, 88) = 6187 [pid 6187] set_robust_list(0x7f6d468e79a0, 24 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], [pid 6187] <... set_robust_list resumed>) = 0 [pid 6186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6186] <... futex resumed>) = 0 [pid 6187] memfd_create("syzkaller", 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] <... memfd_create resumed>) = 3 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6187] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6187] close(3) = 0 [pid 6187] mkdir("./bus", 0777) = 0 [pid 6187] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6187] chdir("./bus") = 0 [pid 6187] ioctl(4, LOOP_CLR_FD) = 0 [pid 6187] close(4) = 0 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] memfd_create("syzkaller", 0) = 4 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6187] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6187] munmap(0x7f6d360cf000, 32768) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6187] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6187] ioctl(5, LOOP_CLR_FD) = 0 [pid 6187] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6187] close(5) = 0 [pid 6187] close(4) = 0 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... openat resumed>) = 4 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6186] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6187] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] <... futex resumed>) = 0 [pid 6187] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6186] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6186] <... futex resumed>) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6187] <... openat resumed>) = 6 [pid 6187] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] <... mmap resumed>) = 0x7f6d360b6000 [pid 6187] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6188 attached [pid 6188] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6186] <... clone3 resumed> => {parent_tid=[6188]}, 88) = 6188 [pid 6188] <... rseq resumed>) = 0 [pid 6188] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], [pid 6188] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6188] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 129.799664][ T6187] loop0: detected capacity change from 0 to 64 [pid 6188] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6188] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6188] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6188] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] exit_group(0) = ? [pid 6187] <... futex resumed>) = ? [pid 6188] <... futex resumed>) = ? [pid 6187] +++ exited with 0 +++ [pid 6188] +++ exited with 0 +++ [pid 6186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6186, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./380/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./380/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./380/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/bus") = 0 umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./380/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6189 attached , child_tidptr=0x5555564f6750) = 6189 [pid 6189] set_robust_list(0x5555564f6760, 24) = 0 [pid 6189] chdir("./381") = 0 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6189] setpgid(0, 0) = 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6189] write(3, "1000", 4) = 4 [pid 6189] close(3) = 0 [pid 6189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6189] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6190 attached [pid 6190] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6190] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6190] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] <... clone3 resumed> => {parent_tid=[6190]}, 88) = 6190 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 0 [pid 6190] memfd_create("syzkaller", 0) = 3 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6190] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6190] close(3) = 0 [pid 6190] mkdir("./bus", 0777) = 0 [pid 6190] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6190] chdir("./bus") = 0 [pid 6190] ioctl(4, LOOP_CLR_FD) = 0 [pid 6190] close(4) = 0 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6190] memfd_create("syzkaller", 0 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6190] <... memfd_create resumed>) = 4 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6190] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6190] munmap(0x7f6d360cf000, 32768) = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6190] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6190] ioctl(5, LOOP_CLR_FD) = 0 [pid 6190] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6190] close(5) = 0 [pid 6190] close(4) = 0 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6190] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... openat resumed>) = 4 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6190] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... write resumed>) = 12288 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6190] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6189] <... futex resumed>) = 0 [pid 6190] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... mmap resumed>) = 0x20000000 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6190] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [ 129.937499][ T6190] loop0: detected capacity change from 0 to 64 [pid 6189] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6190] <... openat resumed>) = 6 [pid 6189] <... mprotect resumed>) = 0 [pid 6190] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6191 attached [pid 6191] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6189] <... clone3 resumed> => {parent_tid=[6191]}, 88) = 6191 [pid 6191] <... rseq resumed>) = 0 [pid 6191] set_robust_list(0x7f6d360d69a0, 24 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], [pid 6191] <... set_robust_list resumed>) = 0 [pid 6189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6191] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6189] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6191] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] exit_group(0 [pid 6191] <... futex resumed>) = ? [pid 6189] <... exit_group resumed>) = ? [pid 6191] +++ exited with 0 +++ [pid 6190] <... futex resumed>) = ? [pid 6190] +++ exited with 0 +++ [pid 6189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6189, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./381/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./381/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./381/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/bus") = 0 umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./381/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6192 ./strace-static-x86_64: Process 6192 attached [pid 6192] set_robust_list(0x5555564f6760, 24) = 0 [pid 6192] chdir("./382") = 0 [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6192] setpgid(0, 0) = 0 [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6192] write(3, "1000", 4) = 4 [pid 6192] close(3) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6192] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6193 attached => {parent_tid=[6193]}, 88) = 6193 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6193] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6193] memfd_create("syzkaller", 0) = 3 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6193] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6193] close(3) = 0 [pid 6193] mkdir("./bus", 0777) = 0 [pid 6193] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6193] chdir("./bus") = 0 [pid 6193] ioctl(4, LOOP_CLR_FD) = 0 [pid 6193] close(4) = 0 [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6193] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6193] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] memfd_create("syzkaller", 0) = 4 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6193] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6193] munmap(0x7f6d360cf000, 32768) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6193] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6193] ioctl(5, LOOP_CLR_FD) = 0 [pid 6193] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6193] close(5) = 0 [pid 6193] close(4) = 0 [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6193] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... openat resumed>) = 4 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 1 [pid 6193] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... futex resumed>) = 1 [pid 6193] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6193] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6192] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6193] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6192] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6193] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6193] <... openat resumed>) = 6 [pid 6192] <... mmap resumed>) = 0x7f6d360b6000 [pid 6193] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6193] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6194 attached [pid 6194] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6192] <... clone3 resumed> => {parent_tid=[6194]}, 88) = 6194 [pid 6194] set_robust_list(0x7f6d360d69a0, 24 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6192] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] <... set_robust_list resumed>) = 0 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6194] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6194] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6194] <... futex resumed>) = 1 [pid 6194] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] exit_group(0 [pid 6193] <... futex resumed>) = ? [pid 6192] <... exit_group resumed>) = ? [pid 6194] <... futex resumed>) = ? [pid 6193] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ [pid 6192] +++ exited with 0 +++ [ 130.066181][ T6193] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6192, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./382/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./382/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./382/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/bus") = 0 umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./382/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6195 attached [pid 6195] set_robust_list(0x5555564f6760, 24) = 0 [pid 6195] chdir("./383") = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6195] setpgid(0, 0) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6195] write(3, "1000", 4) = 4 [pid 6195] close(3) = 0 [pid 6195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6195] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6195 [pid 6195] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6196]}, 88) = 6196 ./strace-static-x86_64: Process 6196 attached [pid 6196] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6196] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6196] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = 0 [pid 6195] <... futex resumed>) = 1 [pid 6196] memfd_create("syzkaller", 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6196] <... memfd_create resumed>) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6196] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] mkdir("./bus", 0777) = 0 [pid 6196] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./bus") = 0 [pid 6196] ioctl(4, LOOP_CLR_FD) = 0 [pid 6196] close(4) = 0 [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6196] <... futex resumed>) = 1 [pid 6196] memfd_create("syzkaller", 0) = 4 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6196] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6196] munmap(0x7f6d360cf000, 32768) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6196] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6196] ioctl(5, LOOP_CLR_FD) = 0 [pid 6196] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6196] close(5) = 0 [pid 6196] close(4) = 0 [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... futex resumed>) = 1 [pid 6196] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... futex resumed>) = 1 [pid 6196] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... futex resumed>) = 1 [pid 6196] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... futex resumed>) = 1 [pid 6196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6196] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6195] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6196] <... futex resumed>) = 1 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6197 attached [pid 6196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6197] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6196] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6197] <... rseq resumed>) = 0 [pid 6196] <... openat resumed>) = 6 [pid 6195] <... clone3 resumed> => {parent_tid=[6197]}, 88) = 6197 [pid 6197] set_robust_list(0x7f6d360d69a0, 24 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] <... set_robust_list resumed>) = 0 [pid 6195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], [pid 6195] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6195] <... futex resumed>) = 0 [pid 6197] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6195] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6196] <... futex resumed>) = 0 [pid 6196] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6197] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] exit_group(0 [pid 6197] <... futex resumed>) = ? [pid 6196] <... futex resumed>) = ? [ 130.188573][ T6196] loop0: detected capacity change from 0 to 64 [pid 6197] +++ exited with 0 +++ [pid 6196] +++ exited with 0 +++ [pid 6195] <... exit_group resumed>) = ? [pid 6195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6195, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./383/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./383/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./383/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/bus") = 0 umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./383/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6198 attached , child_tidptr=0x5555564f6750) = 6198 [pid 6198] set_robust_list(0x5555564f6760, 24) = 0 [pid 6198] chdir("./384") = 0 [pid 6198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6198] setpgid(0, 0) = 0 [pid 6198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6198] write(3, "1000", 4) = 4 [pid 6198] close(3) = 0 [pid 6198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6198] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6199 attached => {parent_tid=[6199]}, 88) = 6199 [pid 6199] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6199] set_robust_list(0x7f6d468e79a0, 24 [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6199] <... set_robust_list resumed>) = 0 [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] <... futex resumed>) = 0 [pid 6199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6199] memfd_create("syzkaller", 0) = 3 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6199] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6199] close(3) = 0 [pid 6199] mkdir("./bus", 0777) = 0 [pid 6199] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6199] chdir("./bus") = 0 [pid 6199] ioctl(4, LOOP_CLR_FD) = 0 [pid 6199] close(4) = 0 [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6199] <... futex resumed>) = 0 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6199] memfd_create("syzkaller", 0) = 4 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6199] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6199] munmap(0x7f6d360cf000, 32768) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6199] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6199] ioctl(5, LOOP_CLR_FD) = 0 [pid 6199] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6199] close(5) = 0 [pid 6199] close(4) = 0 [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = 1 [pid 6199] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6198] <... futex resumed>) = 0 [pid 6199] <... openat resumed>) = 4 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 1 [pid 6199] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... futex resumed>) = 1 [pid 6199] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6199] <... futex resumed>) = 1 [pid 6198] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6199] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = 0 [ 130.329227][ T6199] loop0: detected capacity change from 0 to 64 [pid 6198] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6199] <... futex resumed>) = 1 [pid 6199] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6199] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6198] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... openat resumed>) = 6 [pid 6198] <... futex resumed>) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6199] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6199] <... futex resumed>) = 0 [pid 6199] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] <... mprotect resumed>) = 0 [pid 6198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6200 attached => {parent_tid=[6200]}, 88) = 6200 [pid 6200] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6200] set_robust_list(0x7f6d360d69a0, 24 [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6200] <... set_robust_list resumed>) = 0 [pid 6198] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] <... futex resumed>) = 0 [pid 6200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6198] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6200] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] <... futex resumed>) = 0 [pid 6198] exit_group(0 [pid 6199] <... futex resumed>) = ? [pid 6200] <... futex resumed>) = ? [pid 6199] +++ exited with 0 +++ [pid 6200] +++ exited with 0 +++ [pid 6198] <... exit_group resumed>) = ? [pid 6198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6198, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./384/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./384/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./384/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/bus") = 0 umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./384/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6201 attached , child_tidptr=0x5555564f6750) = 6201 [pid 6201] set_robust_list(0x5555564f6760, 24) = 0 [pid 6201] chdir("./385") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6201] write(3, "1000", 4) = 4 [pid 6201] close(3) = 0 [pid 6201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6201] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6202 attached => {parent_tid=[6202]}, 88) = 6202 [pid 6202] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], [pid 6202] <... rseq resumed>) = 0 [pid 6201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] set_robust_list(0x7f6d468e79a0, 24 [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... set_robust_list resumed>) = 0 [pid 6201] <... futex resumed>) = 0 [pid 6202] rt_sigprocmask(SIG_SETMASK, [], [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] memfd_create("syzkaller", 0) = 3 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6202] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6202] close(3) = 0 [pid 6202] mkdir("./bus", 0777) = 0 [pid 6202] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6202] chdir("./bus") = 0 [pid 6202] ioctl(4, LOOP_CLR_FD) = 0 [pid 6202] close(4) = 0 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... futex resumed>) = 1 [pid 6202] memfd_create("syzkaller", 0 [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... memfd_create resumed>) = 4 [pid 6201] <... futex resumed>) = 0 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6202] <... mmap resumed>) = 0x7f6d360cf000 [pid 6202] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6202] munmap(0x7f6d360cf000, 32768) = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6202] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6202] ioctl(5, LOOP_CLR_FD) = 0 [pid 6202] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6202] close(5) = 0 [pid 6202] close(4) = 0 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6202] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = 0 [pid 6202] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... write resumed>) = 12288 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... futex resumed>) = 1 [pid 6202] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... futex resumed>) = 1 [pid 6202] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] <... futex resumed>) = 0 [pid 6202] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6201] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6202] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] <... futex resumed>) = 0 [pid 6202] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6201] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6202] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6202] <... openat resumed>) = 6 [pid 6201] <... mmap resumed>) = 0x7f6d360b6000 [pid 6201] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6202] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6202] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6203]}, 88) = 6203 ./strace-static-x86_64: Process 6203 attached [pid 6203] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6201] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6203] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6203] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6203] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] exit_group(0 [pid 6202] <... futex resumed>) = ? [pid 6203] <... futex resumed>) = ? [pid 6201] <... exit_group resumed>) = ? [pid 6203] +++ exited with 0 +++ [pid 6202] +++ exited with 0 +++ [pid 6201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 130.470561][ T6202] loop0: detected capacity change from 0 to 64 umount2("./385/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./385/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./385/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/bus") = 0 umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./385/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6204 attached , child_tidptr=0x5555564f6750) = 6204 [pid 6204] set_robust_list(0x5555564f6760, 24) = 0 [pid 6204] chdir("./386") = 0 [pid 6204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6204] setpgid(0, 0) = 0 [pid 6204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6204] write(3, "1000", 4) = 4 [pid 6204] close(3) = 0 [pid 6204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6204] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6205 attached [pid 6205] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6204] <... clone3 resumed> => {parent_tid=[6205]}, 88) = 6205 [pid 6205] <... rseq resumed>) = 0 [pid 6204] rt_sigprocmask(SIG_SETMASK, [], [pid 6205] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] memfd_create("syzkaller", 0 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6205] <... memfd_create resumed>) = 3 [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6205] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6205] close(3) = 0 [pid 6205] mkdir("./bus", 0777) = 0 [pid 6205] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6205] chdir("./bus") = 0 [pid 6205] ioctl(4, LOOP_CLR_FD) = 0 [pid 6205] close(4) = 0 [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] <... futex resumed>) = 0 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6205] memfd_create("syzkaller", 0 [pid 6204] <... futex resumed>) = 1 [pid 6205] <... memfd_create resumed>) = 4 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6205] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6205] munmap(0x7f6d360cf000, 32768) = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6205] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6205] ioctl(5, LOOP_CLR_FD) = 0 [pid 6205] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6205] close(5) = 0 [pid 6205] close(4) = 0 [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 0 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 1 [pid 6205] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6204] <... futex resumed>) = 0 [pid 6205] <... openat resumed>) = 4 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 0 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... futex resumed>) = 1 [pid 6205] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 0 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... futex resumed>) = 1 [pid 6205] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 0 [pid 6205] <... futex resumed>) = 1 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6204] <... futex resumed>) = 0 [pid 6205] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6204] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... openat resumed>) = 5 [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 0 [pid 6204] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6205] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6204] <... mmap resumed>) = 0x7f6d360b6000 [pid 6205] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6204] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6205] <... openat resumed>) = 6 [pid 6204] <... mprotect resumed>) = 0 [pid 6204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6205] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6206 attached [pid 6205] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6206] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6204] <... clone3 resumed> => {parent_tid=[6206]}, 88) = 6206 [pid 6206] <... rseq resumed>) = 0 [pid 6204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6204] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] set_robust_list(0x7f6d360d69a0, 24 [pid 6204] <... futex resumed>) = 0 [pid 6206] <... set_robust_list resumed>) = 0 [pid 6206] rt_sigprocmask(SIG_SETMASK, [], [pid 6204] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6206] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [ 130.593548][ T6205] loop0: detected capacity change from 0 to 64 [pid 6206] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6206] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] <... futex resumed>) = 0 [pid 6204] exit_group(0 [pid 6206] <... futex resumed>) = ? [pid 6206] +++ exited with 0 +++ [pid 6205] <... futex resumed>) = ? [pid 6205] +++ exited with 0 +++ [pid 6204] <... exit_group resumed>) = ? [pid 6204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6204, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./386/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./386/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./386/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/bus") = 0 umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./386/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6207 ./strace-static-x86_64: Process 6207 attached [pid 6207] set_robust_list(0x5555564f6760, 24) = 0 [pid 6207] chdir("./387") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0) = 0 [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6207] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6208 attached [pid 6208] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6207] <... clone3 resumed> => {parent_tid=[6208]}, 88) = 6208 [pid 6208] <... rseq resumed>) = 0 [pid 6208] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6208] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6208] close(3) = 0 [pid 6208] mkdir("./bus", 0777) = 0 [pid 6208] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6208] chdir("./bus") = 0 [pid 6208] ioctl(4, LOOP_CLR_FD) = 0 [pid 6208] close(4) = 0 [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [pid 6208] memfd_create("syzkaller", 0) = 4 [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6208] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6208] munmap(0x7f6d360cf000, 32768) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6208] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6208] ioctl(5, LOOP_CLR_FD) = 0 [pid 6208] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6208] close(5) = 0 [pid 6208] close(4) = 0 [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... futex resumed>) = 1 [pid 6208] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6208] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... mmap resumed>) = 0x20000000 [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6207] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6208] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6208] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6207] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6208] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6208] <... openat resumed>) = 6 [pid 6207] <... mmap resumed>) = 0x7f6d360b6000 [pid 6207] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6208] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6208] <... futex resumed>) = 0 [pid 6208] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6209]}, 88) = 6209 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6207] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6209 attached ) = 0 [pid 6207] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6209] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6209] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [ 130.733735][ T6208] loop0: detected capacity change from 0 to 64 [pid 6209] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6207] exit_group(0 [pid 6208] <... futex resumed>) = ? [pid 6207] <... exit_group resumed>) = ? [pid 6208] +++ exited with 0 +++ [pid 6209] +++ exited with 0 +++ [pid 6207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./387/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./387/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./387/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/bus") = 0 umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./387/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6210 attached , child_tidptr=0x5555564f6750) = 6210 [pid 6210] set_robust_list(0x5555564f6760, 24) = 0 [pid 6210] chdir("./388") = 0 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6210] setpgid(0, 0) = 0 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6210] write(3, "1000", 4) = 4 [pid 6210] close(3) = 0 [pid 6210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6210] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6211]}, 88) = 6211 ./strace-static-x86_64: Process 6211 attached [pid 6211] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] <... rseq resumed>) = 0 [pid 6211] set_robust_list(0x7f6d468e79a0, 24 [pid 6210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6211] <... set_robust_list resumed>) = 0 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6211] memfd_create("syzkaller", 0) = 3 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6211] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6211] close(3) = 0 [pid 6211] mkdir("./bus", 0777) = 0 [pid 6211] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6211] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6211] chdir("./bus") = 0 [pid 6211] ioctl(4, LOOP_CLR_FD) = 0 [pid 6211] close(4) = 0 [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6211] memfd_create("syzkaller", 0) = 4 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6211] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6211] munmap(0x7f6d360cf000, 32768) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6211] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6211] ioctl(5, LOOP_CLR_FD) = 0 [pid 6210] <... futex resumed>) = 1 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6211] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6211] close(5) = 0 [pid 6211] close(4) = 0 [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6210] <... futex resumed>) = 0 [pid 6211] <... openat resumed>) = 4 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6210] <... futex resumed>) = 1 [pid 6211] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] <... write resumed>) = 12288 [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = 1 [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6210] <... futex resumed>) = 0 [ 130.859883][ T6211] loop0: detected capacity change from 0 to 64 [pid 6211] <... mmap resumed>) = 0x20000000 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6211] <... futex resumed>) = 0 [pid 6211] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6211] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6210] <... futex resumed>) = 1 [pid 6211] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6210] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] <... openat resumed>) = 5 [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] <... futex resumed>) = 0 [pid 6211] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6210] <... futex resumed>) = 0 [pid 6211] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6211] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6210] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6210] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] <... openat resumed>) = 6 [pid 6210] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6211] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6211] <... futex resumed>) = 0 [pid 6210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6211] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6212 attached [pid 6210] <... clone3 resumed> => {parent_tid=[6212]}, 88) = 6212 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], [pid 6212] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6212] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6212] rt_sigprocmask(SIG_SETMASK, [], [pid 6210] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6212] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] exit_group(0 [pid 6212] <... futex resumed>) = 1 [pid 6212] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6210] <... exit_group resumed>) = ? [pid 6212] +++ exited with 0 +++ [pid 6211] <... futex resumed>) = ? [pid 6211] +++ exited with 0 +++ [pid 6210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6210, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./388/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./388/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./388/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/bus") = 0 umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./388/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6213 attached , child_tidptr=0x5555564f6750) = 6213 [pid 6213] set_robust_list(0x5555564f6760, 24) = 0 [pid 6213] chdir("./389") = 0 [pid 6213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6213] setpgid(0, 0) = 0 [pid 6213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6213] write(3, "1000", 4) = 4 [pid 6213] close(3) = 0 [pid 6213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6213] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6214 attached [pid 6214] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6213] <... clone3 resumed> => {parent_tid=[6214]}, 88) = 6214 [pid 6214] set_robust_list(0x7f6d468e79a0, 24 [pid 6213] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] <... set_robust_list resumed>) = 0 [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] memfd_create("syzkaller", 0 [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6214] <... memfd_create resumed>) = 3 [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6214] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6214] close(3) = 0 [pid 6214] mkdir("./bus", 0777) = 0 [pid 6214] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6214] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6214] chdir("./bus") = 0 [pid 6214] ioctl(4, LOOP_CLR_FD) = 0 [pid 6214] close(4) = 0 [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] <... futex resumed>) = 0 [pid 6214] memfd_create("syzkaller", 0) = 4 [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6214] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6214] munmap(0x7f6d360cf000, 32768) = 0 [pid 6214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6214] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6214] ioctl(5, LOOP_CLR_FD) = 0 [pid 6214] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6214] close(5) = 0 [pid 6214] close(4) = 0 [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] <... futex resumed>) = 0 [pid 6214] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] <... openat resumed>) = 4 [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = 0 [pid 6214] <... futex resumed>) = 1 [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6213] <... futex resumed>) = 0 [pid 6214] <... mmap resumed>) = 0x20000000 [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] <... futex resumed>) = 1 [pid 6214] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6213] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6214] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6213] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6214] <... openat resumed>) = 6 [pid 6213] <... mmap resumed>) = 0x7f6d360b6000 [pid 6213] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6214] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6214] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6215 attached => {parent_tid=[6215]}, 88) = 6215 [pid 6213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6213] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6215] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 130.992897][ T6214] loop0: detected capacity change from 0 to 64 [pid 6215] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6215] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6215] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] exit_group(0 [pid 6214] <... futex resumed>) = ? [pid 6215] <... futex resumed>) = ? [pid 6213] <... exit_group resumed>) = ? [pid 6215] +++ exited with 0 +++ [pid 6214] +++ exited with 0 +++ [pid 6213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6213, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./389/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./389/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./389/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/bus") = 0 umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./389/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6216 attached , child_tidptr=0x5555564f6750) = 6216 [pid 6216] set_robust_list(0x5555564f6760, 24) = 0 [pid 6216] chdir("./390") = 0 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6216] setpgid(0, 0) = 0 [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6216] write(3, "1000", 4) = 4 [pid 6216] close(3) = 0 [pid 6216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6216] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6217 attached => {parent_tid=[6217]}, 88) = 6217 [pid 6217] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], [pid 6217] <... rseq resumed>) = 0 [pid 6217] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] rt_sigprocmask(SIG_SETMASK, [], [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6217] memfd_create("syzkaller", 0) = 3 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6217] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6217] close(3) = 0 [pid 6217] mkdir("./bus", 0777) = 0 [pid 6217] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6217] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6217] chdir("./bus") = 0 [pid 6217] ioctl(4, LOOP_CLR_FD) = 0 [pid 6217] close(4) = 0 [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6217] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = 0 [pid 6217] memfd_create("syzkaller", 0) = 4 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6216] <... futex resumed>) = 1 [pid 6217] <... mmap resumed>) = 0x7f6d360cf000 [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6217] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6217] munmap(0x7f6d360cf000, 32768) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6217] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6217] ioctl(5, LOOP_CLR_FD) = 0 [pid 6217] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6217] close(5) = 0 [pid 6217] close(4) = 0 [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] <... futex resumed>) = 0 [pid 6217] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... openat resumed>) = 4 [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] <... futex resumed>) = 0 [pid 6217] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... write resumed>) = 12288 [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... mmap resumed>) = 0x20000000 [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6217] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 131.124778][ T6217] loop0: detected capacity change from 0 to 64 [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] <... futex resumed>) = 0 [pid 6217] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6216] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6216] <... futex resumed>) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6216] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6218 attached [pid 6218] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6216] <... clone3 resumed> => {parent_tid=[6218]}, 88) = 6218 [pid 6218] <... rseq resumed>) = 0 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], [pid 6218] set_robust_list(0x7f6d360d69a0, 24 [pid 6216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6218] <... set_robust_list resumed>) = 0 [pid 6216] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6216] <... futex resumed>) = 0 [pid 6218] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6216] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6218] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... openat resumed>) = 6 [pid 6216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6217] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = 0 [pid 6216] exit_group(0 [pid 6217] <... futex resumed>) = ? [pid 6216] <... exit_group resumed>) = ? [pid 6217] +++ exited with 0 +++ [pid 6218] +++ exited with 0 +++ [pid 6216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6216, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./390/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./390/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./390/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/bus") = 0 umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./390/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6219 attached , child_tidptr=0x5555564f6750) = 6219 [pid 6219] set_robust_list(0x5555564f6760, 24) = 0 [pid 6219] chdir("./391") = 0 [pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6219] setpgid(0, 0) = 0 [pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6219] write(3, "1000", 4) = 4 [pid 6219] close(3) = 0 [pid 6219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6219] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6220 attached [pid 6220] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6219] <... clone3 resumed> => {parent_tid=[6220]}, 88) = 6220 [pid 6220] set_robust_list(0x7f6d468e79a0, 24 [pid 6219] rt_sigprocmask(SIG_SETMASK, [], [pid 6220] <... set_robust_list resumed>) = 0 [pid 6219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6220] rt_sigprocmask(SIG_SETMASK, [], [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6219] <... futex resumed>) = 0 [pid 6220] memfd_create("syzkaller", 0 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6220] <... memfd_create resumed>) = 3 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6220] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6220] close(3) = 0 [pid 6220] mkdir("./bus", 0777) = 0 [pid 6220] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6220] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6220] chdir("./bus") = 0 [pid 6220] ioctl(4, LOOP_CLR_FD) = 0 [pid 6220] close(4) = 0 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] <... futex resumed>) = 0 [pid 6220] memfd_create("syzkaller", 0 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6220] <... memfd_create resumed>) = 4 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6220] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6220] munmap(0x7f6d360cf000, 32768) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6220] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6220] ioctl(5, LOOP_CLR_FD) = 0 [pid 6220] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6220] close(5) = 0 [pid 6220] close(4) = 0 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... write resumed>) = 12288 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] <... futex resumed>) = 0 [pid 6220] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... mmap resumed>) = 0x20000000 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... futex resumed>) = 0 [pid 6220] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6220] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = 0 [pid 6220] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6219] <... futex resumed>) = 1 [pid 6220] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6219] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... openat resumed>) = 6 [pid 6219] <... futex resumed>) = 0 [pid 6220] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6220] <... futex resumed>) = 0 [pid 6220] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... mmap resumed>) = 0x7f6d360b6000 [ 131.232205][ T6220] loop0: detected capacity change from 0 to 64 [pid 6219] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6221 attached => {parent_tid=[6221]}, 88) = 6221 [pid 6221] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6219] rt_sigprocmask(SIG_SETMASK, [], [pid 6221] set_robust_list(0x7f6d360d69a0, 24 [pid 6219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6221] <... set_robust_list resumed>) = 0 [pid 6219] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], [pid 6219] <... futex resumed>) = 0 [pid 6221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6219] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6221] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6221] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6221] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] exit_group(0 [pid 6221] <... futex resumed>) = ? [pid 6219] <... exit_group resumed>) = ? [pid 6221] +++ exited with 0 +++ [pid 6220] <... futex resumed>) = ? [pid 6220] +++ exited with 0 +++ [pid 6219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6219, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./391/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./391/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./391/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/bus") = 0 umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./391/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6222 attached , child_tidptr=0x5555564f6750) = 6222 [pid 6222] set_robust_list(0x5555564f6760, 24) = 0 [pid 6222] chdir("./392") = 0 [pid 6222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6222] setpgid(0, 0) = 0 [pid 6222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6222] write(3, "1000", 4) = 4 [pid 6222] close(3) = 0 [pid 6222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6222] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6223]}, 88) = 6223 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6223 attached [pid 6223] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6223] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6223] memfd_create("syzkaller", 0) = 3 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6223] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6223] close(3) = 0 [pid 6223] mkdir("./bus", 0777) = 0 [pid 6223] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6223] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6223] chdir("./bus") = 0 [pid 6223] ioctl(4, LOOP_CLR_FD) = 0 [pid 6223] close(4) = 0 [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6223] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6222] <... futex resumed>) = 0 [pid 6223] memfd_create("syzkaller", 0 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6223] <... memfd_create resumed>) = 4 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6223] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6223] munmap(0x7f6d360cf000, 32768) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6223] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6223] ioctl(5, LOOP_CLR_FD) = 0 [pid 6223] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6223] close(5) = 0 [pid 6223] close(4) = 0 [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6223] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] <... openat resumed>) = 4 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... futex resumed>) = 1 [pid 6223] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... futex resumed>) = 1 [pid 6223] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6223] <... futex resumed>) = 1 [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6222] <... futex resumed>) = 0 [pid 6223] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6222] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... openat resumed>) = 5 [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6223] <... futex resumed>) = 1 [pid 6223] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6222] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6223] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6222] <... mprotect resumed>) = 0 [pid 6222] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6223] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6223] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6224 attached [pid 6224] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6222] <... clone3 resumed> => {parent_tid=[6224]}, 88) = 6224 [pid 6224] <... rseq resumed>) = 0 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], [pid 6224] set_robust_list(0x7f6d360d69a0, 24 [pid 6222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6224] <... set_robust_list resumed>) = 0 [pid 6222] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6222] <... futex resumed>) = 0 [pid 6224] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6222] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6224] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6224] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6222] exit_group(0) = ? [pid 6223] <... futex resumed>) = ? [pid 6224] <... futex resumed>) = ? [pid 6223] +++ exited with 0 +++ [pid 6224] +++ exited with 0 +++ [pid 6222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6222, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 131.352725][ T6223] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./392/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./392/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./392/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/bus") = 0 umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./392/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6225 attached , child_tidptr=0x5555564f6750) = 6225 [pid 6225] set_robust_list(0x5555564f6760, 24) = 0 [pid 6225] chdir("./393") = 0 [pid 6225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6225] setpgid(0, 0) = 0 [pid 6225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6225] write(3, "1000", 4) = 4 [pid 6225] close(3) = 0 [pid 6225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6225] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6226 attached [pid 6226] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6225] <... clone3 resumed> => {parent_tid=[6226]}, 88) = 6226 [pid 6226] <... rseq resumed>) = 0 [pid 6225] rt_sigprocmask(SIG_SETMASK, [], [pid 6226] set_robust_list(0x7f6d468e79a0, 24 [pid 6225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6226] <... set_robust_list resumed>) = 0 [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], [pid 6225] <... futex resumed>) = 0 [pid 6226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6226] memfd_create("syzkaller", 0) = 3 [pid 6226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6226] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6226] close(3) = 0 [pid 6226] mkdir("./bus", 0777) = 0 [pid 6226] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6226] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6226] chdir("./bus") = 0 [pid 6226] ioctl(4, LOOP_CLR_FD) = 0 [pid 6226] close(4) = 0 [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6226] memfd_create("syzkaller", 0) = 4 [pid 6226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6226] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6226] munmap(0x7f6d360cf000, 32768) = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6226] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6226] ioctl(5, LOOP_CLR_FD) = 0 [pid 6226] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6226] close(5) = 0 [pid 6226] close(4) = 0 [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6226] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] <... futex resumed>) = 0 [pid 6226] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] <... futex resumed>) = 1 [pid 6226] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6226] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6225] <... futex resumed>) = 0 [pid 6225] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6225] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6227]}, 88) = 6227 ./strace-static-x86_64: Process 6227 attached [pid 6225] rt_sigprocmask(SIG_SETMASK, [], [pid 6227] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6226] <... futex resumed>) = 1 [pid 6225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6227] <... rseq resumed>) = 0 [pid 6226] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6225] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] set_robust_list(0x7f6d360d69a0, 24 [pid 6225] <... futex resumed>) = 0 [pid 6227] <... set_robust_list resumed>) = 0 [pid 6226] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6225] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] rt_sigprocmask(SIG_SETMASK, [], [pid 6226] <... openat resumed>) = 6 [pid 6227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6227] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6226] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6227] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] <... futex resumed>) = 0 [ 131.492899][ T6226] loop0: detected capacity change from 0 to 64 [pid 6227] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] exit_group(0 [pid 6227] <... futex resumed>) = ? [pid 6226] <... futex resumed>) = ? [pid 6225] <... exit_group resumed>) = ? [pid 6227] +++ exited with 0 +++ [pid 6226] +++ exited with 0 +++ [pid 6225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6225, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./393/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./393/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./393/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/bus") = 0 umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./393/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6228 attached [pid 6228] set_robust_list(0x5555564f6760, 24) = 0 [pid 6228] chdir("./394") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6228] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6229 attached => {parent_tid=[6229]}, 88) = 6229 [pid 6229] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6229] set_robust_list(0x7f6d468e79a0, 24 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] <... set_robust_list resumed>) = 0 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] <... futex resumed>) = 0 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6229] memfd_create("syzkaller", 0) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6229] munmap(0x7f6d3e4c7000, 32768 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6228 [pid 6229] <... munmap resumed>) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6229] close(3) = 0 [pid 6229] mkdir("./bus", 0777) = 0 [pid 6229] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6229] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./bus") = 0 [pid 6229] ioctl(4, LOOP_CLR_FD) = 0 [pid 6229] close(4) = 0 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] memfd_create("syzkaller", 0 [pid 6228] <... futex resumed>) = 0 [pid 6229] <... memfd_create resumed>) = 4 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6229] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6229] munmap(0x7f6d360cf000, 32768) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6229] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6229] ioctl(5, LOOP_CLR_FD) = 0 [pid 6229] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6229] close(5) = 0 [pid 6229] close(4) = 0 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... openat resumed>) = 4 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... futex resumed>) = 1 [pid 6229] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... futex resumed>) = 1 [pid 6229] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6228] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6229] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6229] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6228] <... futex resumed>) = 0 [pid 6229] <... openat resumed>) = 6 [pid 6228] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6229] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6229] <... futex resumed>) = 0 [pid 6228] <... mprotect resumed>) = 0 [pid 6229] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6230 attached => {parent_tid=[6230]}, 88) = 6230 [pid 6230] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6230] <... rseq resumed>) = 0 [pid 6230] set_robust_list(0x7f6d360d69a0, 24 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6230] <... set_robust_list resumed>) = 0 [pid 6228] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] <... futex resumed>) = 0 [pid 6230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6230] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [ 131.618636][ T6229] loop0: detected capacity change from 0 to 64 [pid 6230] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] exit_group(0 [pid 6229] <... futex resumed>) = ? [pid 6230] <... futex resumed>) = ? [pid 6229] +++ exited with 0 +++ [pid 6230] +++ exited with 0 +++ [pid 6228] <... exit_group resumed>) = ? [pid 6228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./394/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./394/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./394/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/bus") = 0 umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./394/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6231 attached , child_tidptr=0x5555564f6750) = 6231 [pid 6231] set_robust_list(0x5555564f6760, 24) = 0 [pid 6231] chdir("./395") = 0 [pid 6231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6231] setpgid(0, 0) = 0 [pid 6231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6231] write(3, "1000", 4) = 4 [pid 6231] close(3) = 0 [pid 6231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6231] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6232 attached [pid 6232] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6231] <... clone3 resumed> => {parent_tid=[6232]}, 88) = 6232 [pid 6232] set_robust_list(0x7f6d468e79a0, 24 [pid 6231] rt_sigprocmask(SIG_SETMASK, [], [pid 6232] <... set_robust_list resumed>) = 0 [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6231] <... futex resumed>) = 0 [pid 6232] memfd_create("syzkaller", 0 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6232] <... memfd_create resumed>) = 3 [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6232] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6232] close(3) = 0 [pid 6232] mkdir("./bus", 0777) = 0 [pid 6232] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6232] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6232] chdir("./bus") = 0 [pid 6232] ioctl(4, LOOP_CLR_FD) = 0 [pid 6232] close(4) = 0 [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] memfd_create("syzkaller", 0 [pid 6231] <... futex resumed>) = 0 [pid 6232] <... memfd_create resumed>) = 4 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6232] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6232] munmap(0x7f6d360cf000, 32768) = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6232] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6232] ioctl(5, LOOP_CLR_FD) = 0 [pid 6232] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6232] close(5) = 0 [pid 6232] close(4) = 0 [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6231] <... futex resumed>) = 0 [pid 6232] <... openat resumed>) = 4 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6232] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... write resumed>) = 12288 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 131.750624][ T6232] loop0: detected capacity change from 0 to 64 [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] <... mmap resumed>) = 0x20000000 [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = 0 [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6231] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6232] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6232] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6232] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6231] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6231] <... futex resumed>) = 0 [pid 6231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6232] <... openat resumed>) = 6 [pid 6231] <... mmap resumed>) = 0x7f6d360b6000 [pid 6232] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6232] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... mprotect resumed>) = 0 [pid 6231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6233 attached [pid 6233] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6231] <... clone3 resumed> => {parent_tid=[6233]}, 88) = 6233 [pid 6233] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6231] rt_sigprocmask(SIG_SETMASK, [], [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6233] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... futex resumed>) = 0 [pid 6233] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6231] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6233] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6231] <... futex resumed>) = 0 [pid 6233] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] exit_group(0 [pid 6233] <... futex resumed>) = ? [pid 6232] <... futex resumed>) = ? [pid 6231] <... exit_group resumed>) = ? [pid 6233] +++ exited with 0 +++ [pid 6232] +++ exited with 0 +++ [pid 6231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6231, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./395/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./395/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./395/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/bus") = 0 umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./395/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6234 attached , child_tidptr=0x5555564f6750) = 6234 [pid 6234] set_robust_list(0x5555564f6760, 24) = 0 [pid 6234] chdir("./396") = 0 [pid 6234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6234] setpgid(0, 0) = 0 [pid 6234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6234] write(3, "1000", 4) = 4 [pid 6234] close(3) = 0 [pid 6234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6234] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6235 attached [pid 6235] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6235] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6234] <... clone3 resumed> => {parent_tid=[6235]}, 88) = 6235 [pid 6235] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... futex resumed>) = 0 [pid 6234] <... futex resumed>) = 1 [pid 6235] memfd_create("syzkaller", 0 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6235] <... memfd_create resumed>) = 3 [pid 6235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6235] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6235] close(3) = 0 [pid 6235] mkdir("./bus", 0777) = 0 [pid 6235] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6235] chdir("./bus") = 0 [pid 6235] ioctl(4, LOOP_CLR_FD) = 0 [pid 6235] close(4) = 0 [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] <... futex resumed>) = 0 [pid 6235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] memfd_create("syzkaller", 0) = 4 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6235] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6235] munmap(0x7f6d360cf000, 32768) = 0 [pid 6235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6235] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6235] ioctl(5, LOOP_CLR_FD) = 0 [pid 6235] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6235] close(5) = 0 [pid 6235] close(4) = 0 [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6235] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] <... openat resumed>) = 4 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] <... futex resumed>) = 1 [pid 6235] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] <... futex resumed>) = 1 [pid 6235] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6235] <... futex resumed>) = 1 [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6235] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6235] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6234] <... futex resumed>) = 0 [pid 6235] <... openat resumed>) = 5 [pid 6234] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6234] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6235] <... futex resumed>) = 1 [pid 6234] <... mmap resumed>) = 0x7f6d360b6000 [pid 6235] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6235] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6234] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6235] <... openat resumed>) = 6 [pid 6234] <... mprotect resumed>) = 0 [pid 6234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6235] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6236 attached ) = 0 [pid 6236] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6235] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] <... clone3 resumed> => {parent_tid=[6236]}, 88) = 6236 [pid 6236] set_robust_list(0x7f6d360d69a0, 24 [pid 6234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6236] <... set_robust_list resumed>) = 0 [pid 6234] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] rt_sigprocmask(SIG_SETMASK, [], [pid 6234] <... futex resumed>) = 0 [pid 6236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [ 131.902713][ T6235] loop0: detected capacity change from 0 to 64 [pid 6234] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6236] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6236] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6236] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] exit_group(0 [pid 6236] <... futex resumed>) = ? [pid 6235] <... futex resumed>) = ? [pid 6234] <... exit_group resumed>) = ? [pid 6236] +++ exited with 0 +++ [pid 6235] +++ exited with 0 +++ [pid 6234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6234, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./396/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./396/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./396/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/bus") = 0 umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./396/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6237 attached [pid 6237] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6237 [pid 6237] chdir("./397") = 0 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6237] setpgid(0, 0) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] write(3, "1000", 4) = 4 [pid 6237] close(3) = 0 [pid 6237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6237] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6238 attached [pid 6238] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6238] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], [pid 6237] <... clone3 resumed> => {parent_tid=[6238]}, 88) = 6238 [pid 6237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6238] memfd_create("syzkaller", 0 [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... memfd_create resumed>) = 3 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6237] <... futex resumed>) = 0 [pid 6238] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6238] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6238] close(3) = 0 [pid 6238] mkdir("./bus", 0777) = 0 [pid 6238] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6238] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6238] chdir("./bus") = 0 [pid 6238] ioctl(4, LOOP_CLR_FD) = 0 [pid 6238] close(4) = 0 [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6238] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6237] <... futex resumed>) = 0 [pid 6238] memfd_create("syzkaller", 0 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6238] <... memfd_create resumed>) = 4 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6238] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6238] munmap(0x7f6d360cf000, 32768) = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6238] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6238] ioctl(5, LOOP_CLR_FD) = 0 [pid 6238] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6238] close(5) = 0 [pid 6238] close(4) = 0 [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6238] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... futex resumed>) = 0 [pid 6237] <... futex resumed>) = 1 [pid 6238] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... openat resumed>) = 4 [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6238] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... write resumed>) = 12288 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 132.036389][ T6238] loop0: detected capacity change from 0 to 64 [pid 6238] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... futex resumed>) = 0 [pid 6237] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6237] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6239 attached [pid 6239] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6237] <... clone3 resumed> => {parent_tid=[6239]}, 88) = 6239 [pid 6239] <... rseq resumed>) = 0 [pid 6239] set_robust_list(0x7f6d360d69a0, 24 [pid 6237] rt_sigprocmask(SIG_SETMASK, [], [pid 6239] <... set_robust_list resumed>) = 0 [pid 6237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], [pid 6237] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6237] <... futex resumed>) = 0 [pid 6239] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6237] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... futex resumed>) = 1 [pid 6239] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6239] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6239] <... futex resumed>) = 1 [pid 6237] <... futex resumed>) = 0 [pid 6239] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6238] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] exit_group(0 [pid 6239] <... futex resumed>) = ? [pid 6237] <... exit_group resumed>) = ? [pid 6239] +++ exited with 0 +++ [pid 6238] <... futex resumed>) = ? [pid 6238] +++ exited with 0 +++ [pid 6237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./397/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./397/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./397/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/bus") = 0 umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./397/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6240 attached , child_tidptr=0x5555564f6750) = 6240 [pid 6240] set_robust_list(0x5555564f6760, 24) = 0 [pid 6240] chdir("./398") = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6240] setpgid(0, 0) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6240] write(3, "1000", 4) = 4 [pid 6240] close(3) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6240] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6241 attached [pid 6241] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6240] <... clone3 resumed> => {parent_tid=[6241]}, 88) = 6241 [pid 6241] <... rseq resumed>) = 0 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], [pid 6241] set_robust_list(0x7f6d468e79a0, 24 [pid 6240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6241] <... set_robust_list resumed>) = 0 [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 6240] <... futex resumed>) = 0 [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6241] memfd_create("syzkaller", 0) = 3 [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6241] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6241] close(3) = 0 [pid 6241] mkdir("./bus", 0777) = 0 [pid 6241] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6241] chdir("./bus") = 0 [pid 6241] ioctl(4, LOOP_CLR_FD) = 0 [pid 6241] close(4) = 0 [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6241] memfd_create("syzkaller", 0) = 4 [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6241] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6241] munmap(0x7f6d360cf000, 32768) = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6241] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6241] ioctl(5, LOOP_CLR_FD) = 0 [pid 6241] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6241] close(5) = 0 [pid 6241] close(4) = 0 [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6241] <... futex resumed>) = 1 [pid 6241] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6240] <... futex resumed>) = 0 [pid 6241] <... openat resumed>) = 4 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] <... futex resumed>) = 1 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... futex resumed>) = 1 [pid 6241] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... futex resumed>) = 1 [pid 6241] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 132.168297][ T6241] loop0: detected capacity change from 0 to 64 [pid 6241] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] <... futex resumed>) = 1 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6241] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6241] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6240] <... mmap resumed>) = 0x7f6d360b6000 [pid 6241] <... openat resumed>) = 6 [pid 6240] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6242 attached [pid 6242] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6242] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6240] <... clone3 resumed> => {parent_tid=[6242]}, 88) = 6242 [pid 6242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6242] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6240] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6240] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6242] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = 1 [pid 6242] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] exit_group(0 [pid 6241] <... futex resumed>) = ? [pid 6242] <... futex resumed>) = ? [pid 6240] <... exit_group resumed>) = ? [pid 6242] +++ exited with 0 +++ [pid 6241] +++ exited with 0 +++ [pid 6240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./398/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./398/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./398/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./398/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/bus") = 0 umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./398/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6243 ./strace-static-x86_64: Process 6243 attached [pid 6243] set_robust_list(0x5555564f6760, 24) = 0 [pid 6243] chdir("./399") = 0 [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6243] setpgid(0, 0) = 0 [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6243] write(3, "1000", 4) = 4 [pid 6243] close(3) = 0 [pid 6243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6243] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6244 attached => {parent_tid=[6244]}, 88) = 6244 [pid 6243] rt_sigprocmask(SIG_SETMASK, [], [pid 6244] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] <... rseq resumed>) = 0 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6244] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6244] memfd_create("syzkaller", 0) = 3 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6244] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6244] close(3) = 0 [pid 6244] mkdir("./bus", 0777) = 0 [pid 6244] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6244] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./bus") = 0 [pid 6244] ioctl(4, LOOP_CLR_FD) = 0 [pid 6244] close(4) = 0 [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... futex resumed>) = 0 [pid 6244] memfd_create("syzkaller", 0) = 4 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6243] <... futex resumed>) = 1 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6244] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6244] munmap(0x7f6d360cf000, 32768) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6244] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6244] ioctl(5, LOOP_CLR_FD) = 0 [pid 6244] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6244] close(5) = 0 [pid 6244] close(4) = 0 [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... futex resumed>) = 1 [pid 6244] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6243] <... futex resumed>) = 0 [pid 6244] <... openat resumed>) = 4 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 1 [pid 6244] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 1 [pid 6244] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6244] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6243] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6245 attached [pid 6245] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6245] set_robust_list(0x7f6d360d69a0, 24 [pid 6243] <... clone3 resumed> => {parent_tid=[6245]}, 88) = 6245 [pid 6245] <... set_robust_list resumed>) = 0 [pid 6243] rt_sigprocmask(SIG_SETMASK, [], [pid 6245] rt_sigprocmask(SIG_SETMASK, [], [pid 6243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6244] <... futex resumed>) = 1 [pid 6243] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6244] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6243] <... futex resumed>) = 0 [pid 6244] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6243] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6245] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6244] <... openat resumed>) = 6 [pid 6244] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6245] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6245] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] exit_group(0) = ? [pid 6245] <... futex resumed>) = ? [ 132.316483][ T6244] loop0: detected capacity change from 0 to 64 [pid 6245] +++ exited with 0 +++ [pid 6244] <... futex resumed>) = ? [pid 6244] +++ exited with 0 +++ [pid 6243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./399/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./399/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./399/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./399/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/bus") = 0 umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./399/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6246 ./strace-static-x86_64: Process 6246 attached [pid 6246] set_robust_list(0x5555564f6760, 24) = 0 [pid 6246] chdir("./400") = 0 [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] setpgid(0, 0) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6246] write(3, "1000", 4) = 4 [pid 6246] close(3) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6246] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6247 attached => {parent_tid=[6247]}, 88) = 6247 [pid 6247] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6246] rt_sigprocmask(SIG_SETMASK, [], [pid 6247] set_robust_list(0x7f6d468e79a0, 24 [pid 6246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6247] <... set_robust_list resumed>) = 0 [pid 6247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] memfd_create("syzkaller", 0 [pid 6246] <... futex resumed>) = 0 [pid 6247] <... memfd_create resumed>) = 3 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6247] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6247] close(3) = 0 [pid 6247] mkdir("./bus", 0777) = 0 [pid 6247] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6247] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6247] chdir("./bus") = 0 [pid 6247] ioctl(4, LOOP_CLR_FD) = 0 [pid 6247] close(4) = 0 [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] memfd_create("syzkaller", 0 [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... memfd_create resumed>) = 4 [pid 6247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6247] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6247] munmap(0x7f6d360cf000, 32768) = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6246] <... futex resumed>) = 0 [pid 6247] <... openat resumed>) = 5 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6247] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6247] ioctl(5, LOOP_CLR_FD) = 0 [pid 6247] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6247] close(5) = 0 [pid 6247] close(4) = 0 [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... futex resumed>) = 0 [pid 6246] <... futex resumed>) = 1 [pid 6247] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... openat resumed>) = 4 [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6246] <... futex resumed>) = 0 [pid 6247] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... write resumed>) = 12288 [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6247] <... mmap resumed>) = 0x20000000 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6247] <... futex resumed>) = 0 [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6246] <... futex resumed>) = 0 [pid 6247] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6246] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... openat resumed>) = 5 [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6246] <... futex resumed>) = 0 [pid 6247] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6246] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6247] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6247] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... mmap resumed>) = 0x7f6d360b6000 [pid 6247] <... futex resumed>) = 0 [pid 6247] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 132.461118][ T6247] loop0: detected capacity change from 0 to 64 [pid 6246] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6248 attached [pid 6248] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6246] <... clone3 resumed> => {parent_tid=[6248]}, 88) = 6248 [pid 6248] <... rseq resumed>) = 0 [pid 6246] rt_sigprocmask(SIG_SETMASK, [], [pid 6248] set_robust_list(0x7f6d360d69a0, 24 [pid 6246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6248] <... set_robust_list resumed>) = 0 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], [pid 6246] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6246] <... futex resumed>) = 0 [pid 6248] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6246] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6248] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6248] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6248] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] exit_group(0 [pid 6247] <... futex resumed>) = ? [pid 6248] <... futex resumed>) = ? [pid 6246] <... exit_group resumed>) = ? [pid 6248] +++ exited with 0 +++ [pid 6247] +++ exited with 0 +++ [pid 6246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./400/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./400/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./400/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./400/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./400/bus") = 0 umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./400/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6249 ./strace-static-x86_64: Process 6249 attached [pid 6249] set_robust_list(0x5555564f6760, 24) = 0 [pid 6249] chdir("./401") = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6249] setpgid(0, 0) = 0 [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6249] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6250 attached [pid 6250] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6249] <... clone3 resumed> => {parent_tid=[6250]}, 88) = 6250 [pid 6250] <... rseq resumed>) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6250] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6250] memfd_create("syzkaller", 0 [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6250] <... memfd_create resumed>) = 3 [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6250] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6250] close(3) = 0 [pid 6250] mkdir("./bus", 0777) = 0 [pid 6250] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6250] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6250] chdir("./bus") = 0 [pid 6250] ioctl(4, LOOP_CLR_FD) = 0 [pid 6250] close(4) = 0 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6249] <... futex resumed>) = 0 [pid 6250] memfd_create("syzkaller", 0 [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6250] <... memfd_create resumed>) = 4 [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6250] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6250] munmap(0x7f6d360cf000, 32768) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6250] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6250] ioctl(5, LOOP_CLR_FD) = 0 [pid 6250] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6250] close(5) = 0 [pid 6250] close(4) = 0 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6249] <... futex resumed>) = 0 [pid 6250] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... openat resumed>) = 4 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6249] <... futex resumed>) = 0 [pid 6250] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... write resumed>) = 12288 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... mmap resumed>) = 0x20000000 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = 0 [pid 6249] <... futex resumed>) = 1 [pid 6250] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6249] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6250] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6249] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6249] <... futex resumed>) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6249] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6250] <... openat resumed>) = 6 [ 132.612445][ T6250] loop0: detected capacity change from 0 to 64 [pid 6249] <... mprotect resumed>) = 0 [pid 6250] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6251]}, 88) = 6251 ./strace-static-x86_64: Process 6251 attached [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6251] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6251] <... rseq resumed>) = 0 [pid 6249] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6249] <... futex resumed>) = 0 [pid 6251] rt_sigprocmask(SIG_SETMASK, [], [pid 6249] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6251] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6251] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6251] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... futex resumed>) = 0 [pid 6249] exit_group(0) = ? [pid 6251] <... futex resumed>) = ? [pid 6250] <... futex resumed>) = ? [pid 6251] +++ exited with 0 +++ [pid 6250] +++ exited with 0 +++ [pid 6249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./401/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./401/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./401/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./401/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/bus") = 0 umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./401/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6252] set_robust_list(0x5555564f6760, 24) = 0 [pid 6252] chdir("./402") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6252] write(3, "1000", 4) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6252] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6253 attached [pid 6253] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6252] <... clone3 resumed> => {parent_tid=[6253]}, 88) = 6253 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... rseq resumed>) = 0 [pid 6252] <... futex resumed>) = 0 [pid 6253] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6253] memfd_create("syzkaller", 0) = 3 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6253] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6253] close(3) = 0 [pid 6253] mkdir("./bus", 0777) = 0 [pid 6253] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6253] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6253] chdir("./bus") = 0 [pid 6253] ioctl(4, LOOP_CLR_FD) = 0 [pid 6253] close(4) = 0 [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6253] memfd_create("syzkaller", 0) = 4 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6253] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6253] munmap(0x7f6d360cf000, 32768 [pid 6252] <... futex resumed>) = 0 [pid 6253] <... munmap resumed>) = 0 [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6253] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6253] ioctl(5, LOOP_CLR_FD) = 0 [pid 6253] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6253] close(5) = 0 [pid 6253] close(4) = 0 [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... openat resumed>) = 4 [pid 6252] <... futex resumed>) = 0 [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = 0 [pid 6252] <... futex resumed>) = 1 [pid 6253] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... write resumed>) = 12288 [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] <... futex resumed>) = 0 [pid 6253] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... futex resumed>) = 1 [pid 6253] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6253] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6252] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6254 attached [pid 6254] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6252] <... clone3 resumed> => {parent_tid=[6254]}, 88) = 6254 [pid 6254] <... rseq resumed>) = 0 [pid 6253] <... futex resumed>) = 1 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], [pid 6254] set_robust_list(0x7f6d360d69a0, 24 [pid 6253] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6254] <... set_robust_list resumed>) = 0 [pid 6253] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6252] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], [pid 6252] <... futex resumed>) = 0 [pid 6254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6253] <... openat resumed>) = 6 [pid 6252] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6254] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6253] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] exit_group(0 [pid 6254] <... futex resumed>) = ? [pid 6253] <... futex resumed>) = ? [pid 6252] <... exit_group resumed>) = ? [pid 6254] +++ exited with 0 +++ [pid 6253] +++ exited with 0 +++ [pid 6252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 132.739072][ T6253] loop0: detected capacity change from 0 to 64 umount2("./402/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./402/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./402/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./402/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/bus") = 0 umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./402/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6255 ./strace-static-x86_64: Process 6255 attached [pid 6255] set_robust_list(0x5555564f6760, 24) = 0 [pid 6255] chdir("./403") = 0 [pid 6255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6255] setpgid(0, 0) = 0 [pid 6255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6255] write(3, "1000", 4) = 4 [pid 6255] close(3) = 0 [pid 6255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6255] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6256 attached => {parent_tid=[6256]}, 88) = 6256 [pid 6255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6256] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6256] set_robust_list(0x7f6d468e79a0, 24 [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6256] <... set_robust_list resumed>) = 0 [pid 6256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6256] memfd_create("syzkaller", 0) = 3 [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6256] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6256] close(3) = 0 [pid 6256] mkdir("./bus", 0777) = 0 [pid 6256] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6256] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6256] chdir("./bus") = 0 [pid 6256] ioctl(4, LOOP_CLR_FD) = 0 [pid 6256] close(4) = 0 [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6256] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 0 [pid 6256] memfd_create("syzkaller", 0) = 4 [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6256] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6256] munmap(0x7f6d360cf000, 32768) = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6256] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6256] ioctl(5, LOOP_CLR_FD) = 0 [pid 6256] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6256] close(5) = 0 [pid 6256] close(4) = 0 [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6256] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = 0 [pid 6255] <... futex resumed>) = 1 [pid 6256] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6256] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] <... futex resumed>) = 0 [pid 6256] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... write resumed>) = 12288 [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6256] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 0 [pid 6256] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... futex resumed>) = 1 [pid 6256] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6256] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6256] <... futex resumed>) = 1 [pid 6255] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6256] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6255] <... futex resumed>) = 0 [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6256] <... openat resumed>) = 6 [pid 6255] <... mmap resumed>) = 0x7f6d360b6000 [pid 6255] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6255] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6256] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6256] <... futex resumed>) = 0 [pid 6255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6256] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6257 attached [pid 6257] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6255] <... clone3 resumed> => {parent_tid=[6257]}, 88) = 6257 [pid 6255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6255] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6257] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 132.868313][ T6256] loop0: detected capacity change from 0 to 64 [pid 6257] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6257] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6257] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] exit_group(0 [pid 6256] <... futex resumed>) = ? [pid 6257] <... futex resumed>) = ? [pid 6255] <... exit_group resumed>) = ? [pid 6256] +++ exited with 0 +++ [pid 6257] +++ exited with 0 +++ [pid 6255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6255, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./403/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./403/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./403/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./403/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./403/bus") = 0 umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./403/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6258 attached , child_tidptr=0x5555564f6750) = 6258 [pid 6258] set_robust_list(0x5555564f6760, 24) = 0 [pid 6258] chdir("./404") = 0 [pid 6258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6258] setpgid(0, 0) = 0 [pid 6258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6258] write(3, "1000", 4) = 4 [pid 6258] close(3) = 0 [pid 6258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6258] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6259 attached => {parent_tid=[6259]}, 88) = 6259 [pid 6259] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6258] rt_sigprocmask(SIG_SETMASK, [], [pid 6259] <... rseq resumed>) = 0 [pid 6259] set_robust_list(0x7f6d468e79a0, 24 [pid 6258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] <... set_robust_list resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] rt_sigprocmask(SIG_SETMASK, [], [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6259] memfd_create("syzkaller", 0) = 3 [pid 6259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6259] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6259] close(3) = 0 [pid 6259] mkdir("./bus", 0777) = 0 [pid 6259] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6259] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6259] chdir("./bus") = 0 [pid 6259] ioctl(4, LOOP_CLR_FD) = 0 [pid 6259] close(4) = 0 [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6259] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... futex resumed>) = 0 [pid 6258] <... futex resumed>) = 1 [pid 6259] memfd_create("syzkaller", 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6259] <... memfd_create resumed>) = 4 [pid 6259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6259] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6259] munmap(0x7f6d360cf000, 32768) = 0 [pid 6259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6259] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6259] ioctl(5, LOOP_CLR_FD) = 0 [pid 6259] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6259] close(5) = 0 [pid 6259] close(4) = 0 [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6259] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6259] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.020926][ T6259] loop0: detected capacity change from 0 to 64 [pid 6258] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6258] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6259] <... futex resumed>) = 1 [pid 6258] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6259] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6259] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6258] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6259] <... openat resumed>) = 6 [pid 6258] <... clone3 resumed> => {parent_tid=[6260]}, 88) = 6260 [pid 6258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6258] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6260 attached [pid 6259] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6260] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6260] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6260] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6258] <... futex resumed>) = 0 [pid 6258] exit_group(0 [pid 6259] <... futex resumed>) = ? [pid 6258] <... exit_group resumed>) = ? [pid 6259] +++ exited with 0 +++ [pid 6260] <... futex resumed>) = ? [pid 6260] +++ exited with 0 +++ [pid 6258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6258, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./404/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./404/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./404/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./404/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/bus") = 0 umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./404/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6261 attached , child_tidptr=0x5555564f6750) = 6261 [pid 6261] set_robust_list(0x5555564f6760, 24) = 0 [pid 6261] chdir("./405") = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6261] setpgid(0, 0) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6261] write(3, "1000", 4) = 4 [pid 6261] close(3) = 0 [pid 6261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6261] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6262 attached => {parent_tid=[6262]}, 88) = 6262 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6262] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6262] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6262] memfd_create("syzkaller", 0) = 3 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6262] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6262] close(3) = 0 [pid 6262] mkdir("./bus", 0777) = 0 [pid 6262] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6262] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6262] chdir("./bus") = 0 [pid 6262] ioctl(4, LOOP_CLR_FD) = 0 [pid 6262] close(4) = 0 [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6262] memfd_create("syzkaller", 0) = 4 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6262] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6262] munmap(0x7f6d360cf000, 32768) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6262] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6262] ioctl(5, LOOP_CLR_FD) = 0 [pid 6262] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [ 133.158219][ T6262] loop0: detected capacity change from 0 to 64 [pid 6262] close(5) = 0 [pid 6262] close(4) = 0 [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] <... futex resumed>) = 0 [pid 6262] <... futex resumed>) = 1 [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6261] <... futex resumed>) = 0 [pid 6262] <... openat resumed>) = 4 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6262] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6261] <... futex resumed>) = 0 [pid 6262] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... write resumed>) = 12288 [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] <... futex resumed>) = 0 [pid 6262] <... futex resumed>) = 1 [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6261] <... futex resumed>) = 0 [pid 6262] <... mmap resumed>) = 0x20000000 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6262] <... futex resumed>) = 0 [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6261] <... futex resumed>) = 0 [pid 6262] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6261] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... openat resumed>) = 5 [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6262] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6262] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6262] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6261] <... futex resumed>) = 1 [pid 6261] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6262] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... mmap resumed>) = 0x7f6d360b6000 [pid 6262] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6263 attached [pid 6263] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6261] <... clone3 resumed> => {parent_tid=[6263]}, 88) = 6263 [pid 6263] <... rseq resumed>) = 0 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], [pid 6263] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6261] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6263] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6263] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6263] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] exit_group(0 [pid 6262] <... futex resumed>) = ? [pid 6263] <... futex resumed>) = ? [pid 6262] +++ exited with 0 +++ [pid 6261] <... exit_group resumed>) = ? [pid 6263] +++ exited with 0 +++ [pid 6261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./405/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./405/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./405/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./405/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/bus") = 0 umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./405/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6264 attached , child_tidptr=0x5555564f6750) = 6264 [pid 6264] set_robust_list(0x5555564f6760, 24) = 0 [pid 6264] chdir("./406") = 0 [pid 6264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6264] setpgid(0, 0) = 0 [pid 6264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6264] write(3, "1000", 4) = 4 [pid 6264] close(3) = 0 [pid 6264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6264] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6265 attached [pid 6265] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6264] <... clone3 resumed> => {parent_tid=[6265]}, 88) = 6265 [pid 6265] <... rseq resumed>) = 0 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], [pid 6265] set_robust_list(0x7f6d468e79a0, 24 [pid 6264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6265] <... set_robust_list resumed>) = 0 [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] rt_sigprocmask(SIG_SETMASK, [], [pid 6264] <... futex resumed>) = 0 [pid 6265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6265] memfd_create("syzkaller", 0) = 3 [pid 6265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6265] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6265] close(3) = 0 [pid 6265] mkdir("./bus", 0777) = 0 [pid 6265] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6265] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6265] chdir("./bus") = 0 [pid 6265] ioctl(4, LOOP_CLR_FD) = 0 [pid 6265] close(4) = 0 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6265] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = 0 [pid 6264] <... futex resumed>) = 1 [pid 6265] memfd_create("syzkaller", 0 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6265] <... memfd_create resumed>) = 4 [pid 6265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6265] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6265] munmap(0x7f6d360cf000, 32768) = 0 [pid 6265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6265] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6265] ioctl(5, LOOP_CLR_FD) = 0 [pid 6265] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6265] close(5) = 0 [pid 6265] close(4) = 0 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] <... openat resumed>) = 4 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6265] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] <... write resumed>) = 12288 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6265] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = 0 [pid 6264] <... futex resumed>) = 1 [pid 6265] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] <... mmap resumed>) = 0x20000000 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6264] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6265] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6265] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6264] <... futex resumed>) = 0 [pid 6265] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6265] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6264] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... openat resumed>) = 6 [pid 6265] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6265] <... futex resumed>) = 0 [pid 6264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6265] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] <... mmap resumed>) = 0x7f6d360b6000 [ 133.321310][ T6265] loop0: detected capacity change from 0 to 64 [pid 6264] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6266 attached [pid 6266] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6266] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6266] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] <... clone3 resumed> => {parent_tid=[6266]}, 88) = 6266 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6264] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6266] <... futex resumed>) = 0 [pid 6266] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6264] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6266] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6266] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6264] exit_group(0 [pid 6266] <... futex resumed>) = ? [pid 6265] <... futex resumed>) = ? [pid 6264] <... exit_group resumed>) = ? [pid 6266] +++ exited with 0 +++ [pid 6265] +++ exited with 0 +++ [pid 6264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6264, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./406/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./406/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./406/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./406/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/bus") = 0 umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./406/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6267 attached , child_tidptr=0x5555564f6750) = 6267 [pid 6267] set_robust_list(0x5555564f6760, 24) = 0 [pid 6267] chdir("./407") = 0 [pid 6267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6267] setpgid(0, 0) = 0 [pid 6267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6267] write(3, "1000", 4) = 4 [pid 6267] close(3) = 0 [pid 6267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6267] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6268]}, 88) = 6268 ./strace-static-x86_64: Process 6268 attached [pid 6267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6268] <... rseq resumed>) = 0 [pid 6268] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6268] memfd_create("syzkaller", 0) = 3 [pid 6268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6268] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6268] close(3) = 0 [pid 6268] mkdir("./bus", 0777) = 0 [pid 6268] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6268] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6268] chdir("./bus") = 0 [pid 6268] ioctl(4, LOOP_CLR_FD) = 0 [pid 6268] close(4) = 0 [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6268] memfd_create("syzkaller", 0) = 4 [pid 6268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6268] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6268] munmap(0x7f6d360cf000, 32768) = 0 [pid 6268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6268] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6268] ioctl(5, LOOP_CLR_FD) = 0 [pid 6268] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6268] close(5) = 0 [pid 6268] close(4) = 0 [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6268] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6267] <... futex resumed>) = 0 [pid 6268] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] <... openat resumed>) = 4 [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6267] <... futex resumed>) = 0 [pid 6268] <... write resumed>) = 12288 [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6268] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6267] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6268] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6267] <... futex resumed>) = 0 [pid 6268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6267] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6267] <... futex resumed>) = 0 [pid 6268] <... openat resumed>) = 6 [pid 6267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6268] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6268] <... futex resumed>) = 0 [pid 6267] <... mprotect resumed>) = 0 [pid 6268] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 133.484793][ T6268] loop0: detected capacity change from 0 to 64 [pid 6267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6269 attached [pid 6269] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6267] <... clone3 resumed> => {parent_tid=[6269]}, 88) = 6269 [pid 6269] set_robust_list(0x7f6d360d69a0, 24 [pid 6267] rt_sigprocmask(SIG_SETMASK, [], [pid 6269] <... set_robust_list resumed>) = 0 [pid 6267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] rt_sigprocmask(SIG_SETMASK, [], [pid 6267] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6267] <... futex resumed>) = 0 [pid 6267] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6269] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6269] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] exit_group(0 [pid 6268] <... futex resumed>) = ? [pid 6269] <... futex resumed>) = ? [pid 6267] <... exit_group resumed>) = ? [pid 6269] +++ exited with 0 +++ [pid 6268] +++ exited with 0 +++ [pid 6267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6267, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./407/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./407/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./407/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./407/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/bus") = 0 umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./407/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6270 attached , child_tidptr=0x5555564f6750) = 6270 [pid 6270] set_robust_list(0x5555564f6760, 24) = 0 [pid 6270] chdir("./408") = 0 [pid 6270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6270] setpgid(0, 0) = 0 [pid 6270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6270] write(3, "1000", 4) = 4 [pid 6270] close(3) = 0 [pid 6270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6270] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6271 attached [pid 6271] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6270] <... clone3 resumed> => {parent_tid=[6271]}, 88) = 6271 [pid 6271] <... rseq resumed>) = 0 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], [pid 6271] set_robust_list(0x7f6d468e79a0, 24 [pid 6270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6271] <... set_robust_list resumed>) = 0 [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6270] <... futex resumed>) = 0 [pid 6271] memfd_create("syzkaller", 0 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6271] <... memfd_create resumed>) = 3 [pid 6271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6271] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6271] close(3) = 0 [pid 6271] mkdir("./bus", 0777) = 0 [pid 6271] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6271] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6271] chdir("./bus") = 0 [pid 6271] ioctl(4, LOOP_CLR_FD) = 0 [pid 6271] close(4) = 0 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6271] <... futex resumed>) = 0 [pid 6271] memfd_create("syzkaller", 0) = 4 [pid 6271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6271] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6271] munmap(0x7f6d360cf000, 32768) = 0 [pid 6271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6271] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6271] ioctl(5, LOOP_CLR_FD) = 0 [pid 6271] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6271] close(5) = 0 [pid 6271] close(4) = 0 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6271] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6270] <... futex resumed>) = 1 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] <... futex resumed>) = 0 [pid 6270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] <... futex resumed>) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6271] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6271] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6270] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6270] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6271] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6271] <... openat resumed>) = 6 ./strace-static-x86_64: Process 6272 attached [pid 6272] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6270] <... clone3 resumed> => {parent_tid=[6272]}, 88) = 6272 [pid 6272] <... rseq resumed>) = 0 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], [pid 6272] set_robust_list(0x7f6d360d69a0, 24 [pid 6270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6272] <... set_robust_list resumed>) = 0 [pid 6270] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], [pid 6270] <... futex resumed>) = 0 [pid 6272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6270] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6271] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6271] <... futex resumed>) = 0 [pid 6272] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] <... futex resumed>) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6272] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] exit_group(0 [pid 6272] <... futex resumed>) = ? [pid 6271] <... futex resumed>) = ? [pid 6270] <... exit_group resumed>) = ? [pid 6272] +++ exited with 0 +++ [pid 6271] +++ exited with 0 +++ [pid 6270] +++ exited with 0 +++ [ 133.617960][ T6271] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6270, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./408/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./408/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./408/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./408/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./408/bus") = 0 umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./408/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6273 attached , child_tidptr=0x5555564f6750) = 6273 [pid 6273] set_robust_list(0x5555564f6760, 24) = 0 [pid 6273] chdir("./409") = 0 [pid 6273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6273] setpgid(0, 0) = 0 [pid 6273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6273] write(3, "1000", 4) = 4 [pid 6273] close(3) = 0 [pid 6273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6273] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6274]}, 88) = 6274 ./strace-static-x86_64: Process 6274 attached [pid 6274] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], [pid 6274] <... rseq resumed>) = 0 [pid 6274] set_robust_list(0x7f6d468e79a0, 24 [pid 6273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6274] <... set_robust_list resumed>) = 0 [pid 6274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6274] memfd_create("syzkaller", 0) = 3 [pid 6274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6274] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6274] close(3) = 0 [pid 6274] mkdir("./bus", 0777) = 0 [pid 6274] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6274] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6274] chdir("./bus") = 0 [pid 6274] ioctl(4, LOOP_CLR_FD) = 0 [pid 6274] close(4) = 0 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6274] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] <... futex resumed>) = 0 [pid 6273] <... futex resumed>) = 1 [pid 6274] memfd_create("syzkaller", 0) = 4 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6274] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6274] munmap(0x7f6d360cf000, 32768) = 0 [pid 6274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6274] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6274] ioctl(5, LOOP_CLR_FD) = 0 [pid 6274] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6274] close(5) = 0 [pid 6274] close(4) = 0 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... futex resumed>) = 1 [pid 6274] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... futex resumed>) = 1 [pid 6274] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] <... futex resumed>) = 1 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6274] <... futex resumed>) = 1 [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6274] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6274] <... openat resumed>) = 5 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6274] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6273] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6273] <... futex resumed>) = 0 [pid 6273] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6273] <... futex resumed>) = 0 [pid 6274] <... openat resumed>) = 6 [pid 6273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6274] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] <... mmap resumed>) = 0x7f6d360b6000 [pid 6274] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6275]}, 88) = 6275 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6273] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6275 attached [pid 6275] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6275] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6273] <... futex resumed>) = 0 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6273] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6275] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6275] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] exit_group(0 [pid 6275] <... futex resumed>) = ? [pid 6274] <... futex resumed>) = ? [pid 6273] <... exit_group resumed>) = ? [ 133.739196][ T6274] loop0: detected capacity change from 0 to 64 [pid 6275] +++ exited with 0 +++ [pid 6274] +++ exited with 0 +++ [pid 6273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6273, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./409/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./409/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./409/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./409/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/bus") = 0 umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./409/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6276 attached , child_tidptr=0x5555564f6750) = 6276 [pid 6276] set_robust_list(0x5555564f6760, 24) = 0 [pid 6276] chdir("./410") = 0 [pid 6276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6276] setpgid(0, 0) = 0 [pid 6276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6276] write(3, "1000", 4) = 4 [pid 6276] close(3) = 0 [pid 6276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6276] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6277 attached [pid 6277] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6276] <... clone3 resumed> => {parent_tid=[6277]}, 88) = 6277 [pid 6277] <... rseq resumed>) = 0 [pid 6276] rt_sigprocmask(SIG_SETMASK, [], [pid 6277] set_robust_list(0x7f6d468e79a0, 24 [pid 6276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6277] <... set_robust_list resumed>) = 0 [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] rt_sigprocmask(SIG_SETMASK, [], [pid 6276] <... futex resumed>) = 0 [pid 6277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6277] memfd_create("syzkaller", 0) = 3 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6277] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6277] close(3) = 0 [pid 6277] mkdir("./bus", 0777) = 0 [pid 6277] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6277] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6277] chdir("./bus") = 0 [pid 6277] ioctl(4, LOOP_CLR_FD) = 0 [pid 6277] close(4) = 0 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6276] <... futex resumed>) = 0 [pid 6277] memfd_create("syzkaller", 0 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6277] <... memfd_create resumed>) = 4 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6277] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6277] munmap(0x7f6d360cf000, 32768) = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6277] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6277] ioctl(5, LOOP_CLR_FD) = 0 [pid 6277] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6277] close(5) = 0 [pid 6277] close(4) = 0 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6277] <... futex resumed>) = 1 [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... openat resumed>) = 4 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 1 [pid 6277] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 1 [pid 6277] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6277] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6276] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6278 attached => {parent_tid=[6278]}, 88) = 6278 [pid 6276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6276] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 1 [pid 6277] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6277] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6278] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6277] <... openat resumed>) = 6 [pid 6277] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6278] <... rseq resumed>) = 0 [pid 6278] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 133.858149][ T6277] loop0: detected capacity change from 0 to 64 [pid 6278] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6278] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6278] <... futex resumed>) = 1 [pid 6278] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] exit_group(0) = ? [pid 6278] <... futex resumed>) = ? [pid 6277] <... futex resumed>) = ? [pid 6278] +++ exited with 0 +++ [pid 6277] +++ exited with 0 +++ [pid 6276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6276, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./410/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./410/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./410/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./410/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/bus") = 0 umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./410/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6279 attached , child_tidptr=0x5555564f6750) = 6279 [pid 6279] set_robust_list(0x5555564f6760, 24) = 0 [pid 6279] chdir("./411") = 0 [pid 6279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6279] setpgid(0, 0) = 0 [pid 6279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6279] write(3, "1000", 4) = 4 [pid 6279] close(3) = 0 [pid 6279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6279] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6280 attached => {parent_tid=[6280]}, 88) = 6280 [pid 6280] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6280] <... rseq resumed>) = 0 [pid 6280] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6280] memfd_create("syzkaller", 0) = 3 [pid 6280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6280] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6280] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6280] close(3) = 0 [pid 6280] mkdir("./bus", 0777) = 0 [pid 6280] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6280] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6280] chdir("./bus") = 0 [pid 6280] ioctl(4, LOOP_CLR_FD) = 0 [pid 6280] close(4) = 0 [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] <... futex resumed>) = 0 [pid 6280] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6279] <... futex resumed>) = 0 [pid 6280] memfd_create("syzkaller", 0 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6280] <... memfd_create resumed>) = 4 [pid 6280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6280] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6280] munmap(0x7f6d360cf000, 32768) = 0 [pid 6280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6280] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6280] ioctl(5, LOOP_CLR_FD) = 0 [pid 6280] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6280] close(5) = 0 [pid 6280] close(4) = 0 [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6280] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... futex resumed>) = 1 [pid 6280] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6279] <... futex resumed>) = 0 [pid 6280] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6279] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6279] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6279] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6280] <... futex resumed>) = 1 [pid 6280] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6280] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6279] <... mprotect resumed>) = 0 [pid 6280] <... openat resumed>) = 6 [pid 6279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6281 attached [pid 6281] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6281] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6280] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... clone3 resumed> => {parent_tid=[6281]}, 88) = 6281 [pid 6281] rt_sigprocmask(SIG_SETMASK, [], [pid 6280] <... futex resumed>) = 0 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], [pid 6281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6280] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6281] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6279] <... futex resumed>) = 1 [pid 6279] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6281] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6281] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6281] <... futex resumed>) = 1 [pid 6279] exit_group(0 [pid 6281] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6280] <... futex resumed>) = ? [pid 6279] <... exit_group resumed>) = ? [pid 6281] +++ exited with 0 +++ [pid 6280] +++ exited with 0 +++ [ 133.993009][ T6280] loop0: detected capacity change from 0 to 64 [pid 6279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6279, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./411/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./411/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./411/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./411/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/bus") = 0 umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./411/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6282 attached , child_tidptr=0x5555564f6750) = 6282 [pid 6282] set_robust_list(0x5555564f6760, 24) = 0 [pid 6282] chdir("./412") = 0 [pid 6282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6282] setpgid(0, 0) = 0 [pid 6282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6282] write(3, "1000", 4) = 4 [pid 6282] close(3) = 0 [pid 6282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6282] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6283 attached => {parent_tid=[6283]}, 88) = 6283 [pid 6283] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], [pid 6283] <... rseq resumed>) = 0 [pid 6283] set_robust_list(0x7f6d468e79a0, 24 [pid 6282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6283] <... set_robust_list resumed>) = 0 [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] <... futex resumed>) = 0 [pid 6283] memfd_create("syzkaller", 0 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6283] <... memfd_create resumed>) = 3 [pid 6283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6283] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6283] close(3) = 0 [pid 6283] mkdir("./bus", 0777) = 0 [pid 6283] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6283] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6283] chdir("./bus") = 0 [pid 6283] ioctl(4, LOOP_CLR_FD) = 0 [pid 6283] close(4) = 0 [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] <... futex resumed>) = 0 [pid 6283] memfd_create("syzkaller", 0) = 4 [pid 6283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6283] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6283] <... write resumed>) = 32768 [pid 6283] munmap(0x7f6d360cf000, 32768) = 0 [pid 6283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6283] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6283] ioctl(5, LOOP_CLR_FD) = 0 [pid 6283] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6283] close(5) = 0 [pid 6283] close(4) = 0 [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6283] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = 0 [pid 6282] <... futex resumed>) = 1 [pid 6283] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... openat resumed>) = 4 [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] <... futex resumed>) = 0 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6283] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6282] <... futex resumed>) = 0 [pid 6283] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... mmap resumed>) = 0x20000000 [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6283] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6283] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6282] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6282] <... futex resumed>) = 0 [pid 6283] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6282] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... openat resumed>) = 6 [pid 6282] <... futex resumed>) = 0 [pid 6283] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6282] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6284 attached => {parent_tid=[6284]}, 88) = 6284 [pid 6284] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] <... rseq resumed>) = 0 [pid 6284] set_robust_list(0x7f6d360d69a0, 24 [pid 6282] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] <... set_robust_list resumed>) = 0 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6284] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6284] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6284] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6282] exit_group(0) = ? [pid 6284] <... futex resumed>) = ? [pid 6284] +++ exited with 0 +++ [pid 6283] <... futex resumed>) = ? [pid 6283] +++ exited with 0 +++ [pid 6282] +++ exited with 0 +++ [ 134.122068][ T6283] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6282, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./412/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./412/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./412/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./412/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./412/bus") = 0 umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./412/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6285 attached , child_tidptr=0x5555564f6750) = 6285 [pid 6285] set_robust_list(0x5555564f6760, 24) = 0 [pid 6285] chdir("./413") = 0 [pid 6285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6285] setpgid(0, 0) = 0 [pid 6285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6285] write(3, "1000", 4) = 4 [pid 6285] close(3) = 0 [pid 6285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6285] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6286 attached [pid 6286] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6285] <... clone3 resumed> => {parent_tid=[6286]}, 88) = 6286 [pid 6286] <... rseq resumed>) = 0 [pid 6286] set_robust_list(0x7f6d468e79a0, 24 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], [pid 6286] <... set_robust_list resumed>) = 0 [pid 6285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6286] rt_sigprocmask(SIG_SETMASK, [], [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6285] <... futex resumed>) = 0 [pid 6286] memfd_create("syzkaller", 0 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6286] <... memfd_create resumed>) = 3 [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6286] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6286] close(3) = 0 [pid 6286] mkdir("./bus", 0777) = 0 [pid 6286] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6286] chdir("./bus") = 0 [pid 6286] ioctl(4, LOOP_CLR_FD) = 0 [pid 6286] close(4) = 0 [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] memfd_create("syzkaller", 0 [pid 6285] <... futex resumed>) = 0 [pid 6286] <... memfd_create resumed>) = 4 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6286] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6286] munmap(0x7f6d360cf000, 32768) = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6286] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6286] ioctl(5, LOOP_CLR_FD) = 0 [pid 6286] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6286] close(5) = 0 [pid 6286] close(4) = 0 [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... openat resumed>) = 4 [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6286] <... write resumed>) = 12288 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6285] <... futex resumed>) = 0 [pid 6286] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... mmap resumed>) = 0x20000000 [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] <... futex resumed>) = 0 [pid 6285] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6285] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6285] <... futex resumed>) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6286] <... openat resumed>) = 6 [pid 6285] <... mmap resumed>) = 0x7f6d360b6000 [pid 6285] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 134.251597][ T6286] loop0: detected capacity change from 0 to 64 [pid 6286] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6286] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6287 attached => {parent_tid=[6287]}, 88) = 6287 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6287] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6285] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... rseq resumed>) = 0 [pid 6287] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6287] rt_sigprocmask(SIG_SETMASK, [], [pid 6285] <... futex resumed>) = 0 [pid 6287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6285] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6287] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6287] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] exit_group(0 [pid 6287] <... futex resumed>) = ? [pid 6286] <... futex resumed>) = ? [pid 6285] <... exit_group resumed>) = ? [pid 6287] +++ exited with 0 +++ [pid 6286] +++ exited with 0 +++ [pid 6285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6285, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./413/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./413/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./413/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./413/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/bus") = 0 umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./413/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6288 attached [pid 6288] set_robust_list(0x5555564f6760, 24) = 0 [pid 6288] chdir("./414" [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6288 [pid 6288] <... chdir resumed>) = 0 [pid 6288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6288] setpgid(0, 0) = 0 [pid 6288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6288] write(3, "1000", 4) = 4 [pid 6288] close(3) = 0 [pid 6288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6288] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6289 attached [pid 6289] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6288] <... clone3 resumed> => {parent_tid=[6289]}, 88) = 6289 [pid 6289] <... rseq resumed>) = 0 [pid 6288] rt_sigprocmask(SIG_SETMASK, [], [pid 6289] set_robust_list(0x7f6d468e79a0, 24 [pid 6288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6289] <... set_robust_list resumed>) = 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], [pid 6288] <... futex resumed>) = 0 [pid 6289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6289] memfd_create("syzkaller", 0) = 3 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6289] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6289] close(3) = 0 [pid 6289] mkdir("./bus", 0777) = 0 [pid 6289] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6289] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6289] chdir("./bus") = 0 [pid 6289] ioctl(4, LOOP_CLR_FD) = 0 [pid 6289] close(4) = 0 [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] <... futex resumed>) = 0 [pid 6289] memfd_create("syzkaller", 0) = 4 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6289] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6289] munmap(0x7f6d360cf000, 32768) = 0 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6289] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6289] ioctl(5, LOOP_CLR_FD) = 0 [pid 6289] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6289] close(5) = 0 [pid 6289] close(4) = 0 [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = 0 [pid 6288] <... futex resumed>) = 1 [pid 6289] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... openat resumed>) = 4 [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6289] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... write resumed>) = 12288 [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6289] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... mmap resumed>) = 0x20000000 [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6288] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 134.384722][ T6289] loop0: detected capacity change from 0 to 64 [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6288] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6289] <... futex resumed>) = 1 [pid 6289] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6288] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6289] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6288] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6289] <... openat resumed>) = 6 [pid 6288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6290 attached [pid 6289] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] <... clone3 resumed> => {parent_tid=[6290]}, 88) = 6290 [pid 6289] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6288] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6290] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6290] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = 0 [pid 6290] <... futex resumed>) = 1 [pid 6288] exit_group(0 [pid 6290] ???( [pid 6288] <... exit_group resumed>) = ? [pid 6290] <... ??? resumed>) = ? [pid 6289] <... futex resumed>) = ? [pid 6289] +++ exited with 0 +++ [pid 6290] +++ exited with 0 +++ [pid 6288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6288, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./414/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./414/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./414/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./414/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/bus") = 0 umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./414/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6291 attached , child_tidptr=0x5555564f6750) = 6291 [pid 6291] set_robust_list(0x5555564f6760, 24) = 0 [pid 6291] chdir("./415") = 0 [pid 6291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6291] setpgid(0, 0) = 0 [pid 6291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6291] write(3, "1000", 4) = 4 [pid 6291] close(3) = 0 [pid 6291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6291] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6292 attached => {parent_tid=[6292]}, 88) = 6292 [pid 6292] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6292] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6292] rt_sigprocmask(SIG_SETMASK, [], [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] memfd_create("syzkaller", 0 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6292] <... memfd_create resumed>) = 3 [pid 6292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6292] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6292] close(3) = 0 [pid 6292] mkdir("./bus", 0777) = 0 [pid 6292] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6292] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6292] chdir("./bus") = 0 [pid 6292] ioctl(4, LOOP_CLR_FD) = 0 [pid 6292] close(4) = 0 [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6292] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] <... futex resumed>) = 0 [pid 6292] memfd_create("syzkaller", 0 [pid 6291] <... futex resumed>) = 1 [pid 6292] <... memfd_create resumed>) = 4 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6292] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6292] munmap(0x7f6d360cf000, 32768) = 0 [pid 6292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6292] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6292] ioctl(5, LOOP_CLR_FD) = 0 [pid 6292] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6292] close(5) = 0 [pid 6292] close(4) = 0 [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6292] <... futex resumed>) = 1 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6291] <... futex resumed>) = 0 [pid 6292] <... openat resumed>) = 4 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... futex resumed>) = 1 [pid 6292] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... futex resumed>) = 1 [pid 6292] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6292] <... futex resumed>) = 1 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6291] <... futex resumed>) = 0 [pid 6292] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6291] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... openat resumed>) = 5 [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] <... futex resumed>) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6292] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6292] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6291] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6292] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6292] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6293 attached [pid 6293] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6291] <... clone3 resumed> => {parent_tid=[6293]}, 88) = 6293 [ 134.537783][ T6292] loop0: detected capacity change from 0 to 64 [pid 6293] <... rseq resumed>) = 0 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6293] set_robust_list(0x7f6d360d69a0, 24 [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6293] <... set_robust_list resumed>) = 0 [pid 6291] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], [pid 6291] <... futex resumed>) = 0 [pid 6293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6291] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6293] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6293] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] exit_group(0 [pid 6293] <... futex resumed>) = ? [pid 6292] <... futex resumed>) = ? [pid 6291] <... exit_group resumed>) = ? [pid 6293] +++ exited with 0 +++ [pid 6292] +++ exited with 0 +++ [pid 6291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6291, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./415/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./415/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./415/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./415/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/bus") = 0 umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./415/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6294 ./strace-static-x86_64: Process 6294 attached [pid 6294] set_robust_list(0x5555564f6760, 24) = 0 [pid 6294] chdir("./416") = 0 [pid 6294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6294] setpgid(0, 0) = 0 [pid 6294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6294] write(3, "1000", 4) = 4 [pid 6294] close(3) = 0 [pid 6294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6294] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6295 attached => {parent_tid=[6295]}, 88) = 6295 [pid 6295] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6295] <... rseq resumed>) = 0 [pid 6295] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6295] memfd_create("syzkaller", 0) = 3 [pid 6295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6295] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6295] close(3) = 0 [pid 6295] mkdir("./bus", 0777) = 0 [pid 6295] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6295] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6295] chdir("./bus") = 0 [pid 6295] ioctl(4, LOOP_CLR_FD) = 0 [pid 6295] close(4) = 0 [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6295] memfd_create("syzkaller", 0) = 4 [pid 6295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6295] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6295] munmap(0x7f6d360cf000, 32768) = 0 [pid 6295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6295] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6295] ioctl(5, LOOP_CLR_FD) = 0 [pid 6295] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6295] close(5) = 0 [pid 6295] close(4) = 0 [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6295] <... futex resumed>) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6295] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... openat resumed>) = 4 [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... futex resumed>) = 1 [pid 6295] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [ 134.680282][ T6295] loop0: detected capacity change from 0 to 64 [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... futex resumed>) = 1 [pid 6295] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = 0 [pid 6295] <... futex resumed>) = 1 [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6295] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6294] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] <... openat resumed>) = 5 [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6295] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6294] <... futex resumed>) = 0 [pid 6295] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6294] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6295] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6294] <... futex resumed>) = 0 [pid 6294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6295] <... openat resumed>) = 6 [pid 6294] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6295] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] <... mprotect resumed>) = 0 [pid 6294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6296]}, 88) = 6296 ./strace-static-x86_64: Process 6296 attached [pid 6294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6294] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6296] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6296] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6296] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6296] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6294] <... futex resumed>) = 0 [pid 6296] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] exit_group(0) = ? [pid 6296] <... futex resumed>) = ? [pid 6296] +++ exited with 0 +++ [pid 6295] <... futex resumed>) = ? [pid 6295] +++ exited with 0 +++ [pid 6294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6294, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./416/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./416/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./416/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./416/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/bus") = 0 umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./416/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6297 attached , child_tidptr=0x5555564f6750) = 6297 [pid 6297] set_robust_list(0x5555564f6760, 24) = 0 [pid 6297] chdir("./417") = 0 [pid 6297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6297] setpgid(0, 0) = 0 [pid 6297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6297] write(3, "1000", 4) = 4 [pid 6297] close(3) = 0 [pid 6297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6297] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6298]}, 88) = 6298 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6298 attached [pid 6298] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6298] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6298] memfd_create("syzkaller", 0) = 3 [pid 6298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6298] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6298] close(3) = 0 [pid 6298] mkdir("./bus", 0777) = 0 [pid 6298] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6298] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6298] chdir("./bus") = 0 [pid 6298] ioctl(4, LOOP_CLR_FD) = 0 [pid 6298] close(4) = 0 [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... futex resumed>) = 1 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] memfd_create("syzkaller", 0 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... memfd_create resumed>) = 4 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6298] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6298] munmap(0x7f6d360cf000, 32768) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6298] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6298] ioctl(5, LOOP_CLR_FD) = 0 [pid 6298] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6298] close(5) = 0 [pid 6298] close(4) = 0 [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... futex resumed>) = 1 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... openat resumed>) = 4 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... futex resumed>) = 1 [pid 6298] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 1 [pid 6297] <... futex resumed>) = 0 [pid 6298] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] <... futex resumed>) = 1 [pid 6297] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6298] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = 0 [pid 6297] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 1 [pid 6298] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6297] <... futex resumed>) = 0 [ 134.828916][ T6298] loop0: detected capacity change from 0 to 64 [pid 6297] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6297] <... futex resumed>) = 0 [pid 6298] <... openat resumed>) = 6 [pid 6298] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6298] <... futex resumed>) = 0 [pid 6297] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6298] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] <... mprotect resumed>) = 0 [pid 6297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6299 attached => {parent_tid=[6299]}, 88) = 6299 [pid 6299] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], [pid 6299] <... rseq resumed>) = 0 [pid 6297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6299] set_robust_list(0x7f6d360d69a0, 24 [pid 6297] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... set_robust_list resumed>) = 0 [pid 6297] <... futex resumed>) = 0 [pid 6299] rt_sigprocmask(SIG_SETMASK, [], [pid 6297] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6299] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6299] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6299] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] <... futex resumed>) = 0 [pid 6297] exit_group(0) = ? [pid 6299] <... futex resumed>) = ? [pid 6299] +++ exited with 0 +++ [pid 6298] <... futex resumed>) = ? [pid 6298] +++ exited with 0 +++ [pid 6297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6297, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./417/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./417/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./417/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./417/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/bus") = 0 umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./417/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6300 attached , child_tidptr=0x5555564f6750) = 6300 [pid 6300] set_robust_list(0x5555564f6760, 24) = 0 [pid 6300] chdir("./418") = 0 [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6300] setpgid(0, 0) = 0 [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6300] write(3, "1000", 4) = 4 [pid 6300] close(3) = 0 [pid 6300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6300] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6301 attached => {parent_tid=[6301]}, 88) = 6301 [pid 6300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6300] <... futex resumed>) = 0 [pid 6301] <... rseq resumed>) = 0 [pid 6301] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6301] memfd_create("syzkaller", 0) = 3 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6301] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6301] close(3) = 0 [pid 6301] mkdir("./bus", 0777) = 0 [pid 6301] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6301] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6301] chdir("./bus") = 0 [pid 6301] ioctl(4, LOOP_CLR_FD) = 0 [pid 6301] close(4) = 0 [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... futex resumed>) = 0 [pid 6301] <... futex resumed>) = 1 [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] memfd_create("syzkaller", 0 [pid 6300] <... futex resumed>) = 0 [pid 6301] <... memfd_create resumed>) = 4 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6301] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6301] munmap(0x7f6d360cf000, 32768) = 0 [pid 6301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6301] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6301] ioctl(5, LOOP_CLR_FD) = 0 [pid 6301] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6301] close(5) = 0 [pid 6301] close(4) = 0 [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6301] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... openat resumed>) = 4 [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6300] <... futex resumed>) = 0 [pid 6301] <... write resumed>) = 12288 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] <... futex resumed>) = 0 [pid 6301] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6300] <... futex resumed>) = 0 [pid 6301] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6300] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = 0 [pid 6300] <... futex resumed>) = 1 [pid 6301] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6300] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6301] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6300] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6301] <... openat resumed>) = 6 [pid 6300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6302]}, 88) = 6302 ./strace-static-x86_64: Process 6302 attached [pid 6300] rt_sigprocmask(SIG_SETMASK, [], [pid 6302] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6301] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6302] <... rseq resumed>) = 0 [pid 6300] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] set_robust_list(0x7f6d360d69a0, 24 [pid 6301] <... futex resumed>) = 0 [pid 6302] <... set_robust_list resumed>) = 0 [ 134.972895][ T6301] loop0: detected capacity change from 0 to 64 [pid 6302] rt_sigprocmask(SIG_SETMASK, [], [pid 6301] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] <... futex resumed>) = 0 [pid 6302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6300] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6302] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6302] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6302] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] exit_group(0 [pid 6302] <... futex resumed>) = ? [pid 6301] <... futex resumed>) = ? [pid 6300] <... exit_group resumed>) = ? [pid 6301] +++ exited with 0 +++ [pid 6302] +++ exited with 0 +++ [pid 6300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./418/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./418/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./418/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./418/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/bus") = 0 umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./418/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6303 attached , child_tidptr=0x5555564f6750) = 6303 [pid 6303] set_robust_list(0x5555564f6760, 24) = 0 [pid 6303] chdir("./419") = 0 [pid 6303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6303] setpgid(0, 0) = 0 [pid 6303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6303] write(3, "1000", 4) = 4 [pid 6303] close(3) = 0 [pid 6303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6303] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6304 attached => {parent_tid=[6304]}, 88) = 6304 [pid 6304] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6304] <... rseq resumed>) = 0 [pid 6304] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6304] memfd_create("syzkaller", 0) = 3 [pid 6304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6304] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6304] close(3) = 0 [pid 6304] mkdir("./bus", 0777) = 0 [pid 6304] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6304] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6304] chdir("./bus") = 0 [pid 6304] ioctl(4, LOOP_CLR_FD) = 0 [pid 6304] close(4) = 0 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6304] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6303] <... futex resumed>) = 1 [pid 6304] memfd_create("syzkaller", 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6304] <... memfd_create resumed>) = 4 [pid 6304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6304] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6304] munmap(0x7f6d360cf000, 32768) = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6304] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6304] ioctl(5, LOOP_CLR_FD) = 0 [pid 6304] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6304] close(5) = 0 [pid 6304] close(4) = 0 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... futex resumed>) = 1 [pid 6304] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6304] <... futex resumed>) = 1 [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6304] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6303] <... futex resumed>) = 0 [pid 6304] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... mmap resumed>) = 0x20000000 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6303] <... futex resumed>) = 0 [pid 6304] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6304] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6303] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6303] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6305 attached [pid 6305] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6303] <... clone3 resumed> => {parent_tid=[6305]}, 88) = 6305 [pid 6303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6303] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] <... futex resumed>) = 1 [pid 6303] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... rseq resumed>) = 0 [pid 6304] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6304] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6304] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6305] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6305] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 0 [pid 6305] <... futex resumed>) = 1 [pid 6305] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6303] exit_group(0) = ? [pid 6305] <... futex resumed>) = ? [ 135.123988][ T6304] loop0: detected capacity change from 0 to 64 [pid 6304] <... futex resumed>) = ? [pid 6305] +++ exited with 0 +++ [pid 6304] +++ exited with 0 +++ [pid 6303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6303, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./419/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./419/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./419/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./419/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/bus") = 0 umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./419/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6306 attached , child_tidptr=0x5555564f6750) = 6306 [pid 6306] set_robust_list(0x5555564f6760, 24) = 0 [pid 6306] chdir("./420") = 0 [pid 6306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6306] setpgid(0, 0) = 0 [pid 6306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6306] write(3, "1000", 4) = 4 [pid 6306] close(3) = 0 [pid 6306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6306] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6307 attached [pid 6307] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6307] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6306] <... clone3 resumed> => {parent_tid=[6307]}, 88) = 6307 [pid 6307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], [pid 6307] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6307] <... futex resumed>) = 0 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6307] memfd_create("syzkaller", 0) = 3 [pid 6307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6307] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6307] close(3) = 0 [pid 6307] mkdir("./bus", 0777) = 0 [pid 6307] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6307] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6307] chdir("./bus") = 0 [pid 6307] ioctl(4, LOOP_CLR_FD) = 0 [pid 6307] close(4) = 0 [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6306] <... futex resumed>) = 0 [pid 6307] memfd_create("syzkaller", 0 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6307] <... memfd_create resumed>) = 4 [pid 6307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6307] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6307] munmap(0x7f6d360cf000, 32768) = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6307] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6307] ioctl(5, LOOP_CLR_FD) = 0 [pid 6307] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6307] close(5) = 0 [pid 6307] close(4) = 0 [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6307] <... futex resumed>) = 1 [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6306] <... futex resumed>) = 0 [pid 6307] <... openat resumed>) = 4 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6307] <... futex resumed>) = 1 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6307] <... futex resumed>) = 1 [pid 6307] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6306] <... futex resumed>) = 0 [pid 6307] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... mmap resumed>) = 0x20000000 [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... futex resumed>) = 1 [pid 6307] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6307] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6307] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6306] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6307] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6307] <... futex resumed>) = 0 [pid 6307] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6308 attached => {parent_tid=[6308]}, 88) = 6308 [pid 6308] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6308] set_robust_list(0x7f6d360d69a0, 24 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6308] <... set_robust_list resumed>) = 0 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6308] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6308] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6308] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] exit_group(0 [pid 6308] <... futex resumed>) = ? [pid 6308] +++ exited with 0 +++ [pid 6307] <... futex resumed>) = ? [pid 6306] <... exit_group resumed>) = ? [ 135.257004][ T6307] loop0: detected capacity change from 0 to 64 [pid 6307] +++ exited with 0 +++ [pid 6306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6306, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./420/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./420/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./420/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./420/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/bus") = 0 umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./420/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6309 attached [pid 6309] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6309 [pid 6309] chdir("./421") = 0 [pid 6309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6309] setpgid(0, 0) = 0 [pid 6309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6309] write(3, "1000", 4) = 4 [pid 6309] close(3) = 0 [pid 6309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6309] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6310 attached [pid 6310] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6309] <... clone3 resumed> => {parent_tid=[6310]}, 88) = 6310 [pid 6310] <... rseq resumed>) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6310] set_robust_list(0x7f6d468e79a0, 24 [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6310] <... set_robust_list resumed>) = 0 [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6309] <... futex resumed>) = 0 [pid 6310] memfd_create("syzkaller", 0 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6310] <... memfd_create resumed>) = 3 [pid 6310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6310] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6310] close(3) = 0 [pid 6310] mkdir("./bus", 0777) = 0 [pid 6310] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6310] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6310] chdir("./bus") = 0 [pid 6310] ioctl(4, LOOP_CLR_FD) = 0 [pid 6310] close(4) = 0 [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6310] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 1 [pid 6310] memfd_create("syzkaller", 0 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6310] <... memfd_create resumed>) = 4 [pid 6310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6310] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6310] munmap(0x7f6d360cf000, 32768) = 0 [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6310] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6310] ioctl(5, LOOP_CLR_FD) = 0 [pid 6310] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6310] close(5) = 0 [pid 6310] close(4) = 0 [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6310] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6310] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... openat resumed>) = 4 [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] <... futex resumed>) = 1 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... futex resumed>) = 1 [pid 6310] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = 1 [pid 6310] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 135.367278][ T6310] loop0: detected capacity change from 0 to 64 [pid 6309] <... futex resumed>) = 0 [pid 6310] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6309] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6310] <... futex resumed>) = 1 [pid 6309] <... mmap resumed>) = 0x7f6d360b6000 [pid 6310] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6310] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6309] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6310] <... openat resumed>) = 6 [pid 6309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6311 attached [pid 6310] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... clone3 resumed> => {parent_tid=[6311]}, 88) = 6311 [pid 6311] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6311] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6310] <... futex resumed>) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6310] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6311] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6311] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... futex resumed>) = 0 [pid 6309] exit_group(0 [pid 6310] <... futex resumed>) = ? [pid 6311] <... futex resumed>) = ? [pid 6309] <... exit_group resumed>) = ? [pid 6310] +++ exited with 0 +++ [pid 6311] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6309, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./421/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./421/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./421/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./421/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/bus") = 0 umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./421/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6312 attached , child_tidptr=0x5555564f6750) = 6312 [pid 6312] set_robust_list(0x5555564f6760, 24) = 0 [pid 6312] chdir("./422") = 0 [pid 6312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6312] setpgid(0, 0) = 0 [pid 6312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6312] write(3, "1000", 4) = 4 [pid 6312] close(3) = 0 [pid 6312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6312] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6313 attached [pid 6313] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6312] <... clone3 resumed> => {parent_tid=[6313]}, 88) = 6313 [pid 6313] <... rseq resumed>) = 0 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], [pid 6313] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6313] rt_sigprocmask(SIG_SETMASK, [], [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6313] memfd_create("syzkaller", 0 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6313] <... memfd_create resumed>) = 3 [pid 6313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6313] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6313] close(3) = 0 [pid 6313] mkdir("./bus", 0777) = 0 [pid 6313] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6313] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6313] chdir("./bus") = 0 [pid 6313] ioctl(4, LOOP_CLR_FD) = 0 [pid 6313] close(4) = 0 [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6313] memfd_create("syzkaller", 0) = 4 [pid 6313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6313] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6313] munmap(0x7f6d360cf000, 32768) = 0 [pid 6313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6313] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6313] ioctl(5, LOOP_CLR_FD) = 0 [pid 6313] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6313] close(5) = 0 [pid 6313] close(4) = 0 [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6313] <... futex resumed>) = 1 [pid 6313] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... openat resumed>) = 4 [pid 6312] <... futex resumed>) = 0 [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6313] <... futex resumed>) = 0 [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6312] <... futex resumed>) = 0 [pid 6313] <... write resumed>) = 12288 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6313] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6313] <... futex resumed>) = 0 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 135.523946][ T6313] loop0: detected capacity change from 0 to 64 [pid 6313] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6313] <... futex resumed>) = 1 [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6313] <... futex resumed>) = 1 [pid 6312] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6312] <... futex resumed>) = 0 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6313] <... openat resumed>) = 6 [pid 6312] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6313] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6313] <... futex resumed>) = 0 [pid 6313] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6314]}, 88) = 6314 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6312] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6314 attached ) = 0 [pid 6314] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6312] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6314] <... rseq resumed>) = 0 [pid 6314] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6314] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6314] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6314] <... futex resumed>) = 1 [pid 6314] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] exit_group(0 [pid 6314] <... futex resumed>) = ? [pid 6314] +++ exited with 0 +++ [pid 6313] <... futex resumed>) = ? [pid 6312] <... exit_group resumed>) = ? [pid 6313] +++ exited with 0 +++ [pid 6312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6312, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./422/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./422/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./422/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./422/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/bus") = 0 umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./422/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6315 ./strace-static-x86_64: Process 6315 attached [pid 6315] set_robust_list(0x5555564f6760, 24) = 0 [pid 6315] chdir("./423") = 0 [pid 6315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6315] setpgid(0, 0) = 0 [pid 6315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6315] write(3, "1000", 4) = 4 [pid 6315] close(3) = 0 [pid 6315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6315] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6316 attached [pid 6316] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6315] <... clone3 resumed> => {parent_tid=[6316]}, 88) = 6316 [pid 6316] <... rseq resumed>) = 0 [pid 6316] set_robust_list(0x7f6d468e79a0, 24 [pid 6315] rt_sigprocmask(SIG_SETMASK, [], [pid 6316] <... set_robust_list resumed>) = 0 [pid 6315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6316] rt_sigprocmask(SIG_SETMASK, [], [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6315] <... futex resumed>) = 0 [pid 6316] memfd_create("syzkaller", 0 [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... memfd_create resumed>) = 3 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6316] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6316] close(3) = 0 [pid 6316] mkdir("./bus", 0777) = 0 [pid 6316] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6316] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6316] chdir("./bus") = 0 [pid 6316] ioctl(4, LOOP_CLR_FD) = 0 [pid 6316] close(4) = 0 [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6316] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6316] memfd_create("syzkaller", 0 [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... memfd_create resumed>) = 4 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6316] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6316] munmap(0x7f6d360cf000, 32768) = 0 [pid 6316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6316] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6316] ioctl(5, LOOP_CLR_FD) = 0 [pid 6316] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6316] close(5) = 0 [pid 6316] close(4) = 0 [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 0 [pid 6316] <... futex resumed>) = 1 [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6316] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... openat resumed>) = 4 [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6316] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6315] <... futex resumed>) = 0 [pid 6316] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... write resumed>) = 12288 [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6316] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6315] <... futex resumed>) = 0 [pid 6316] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] <... mmap resumed>) = 0x20000000 [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] <... futex resumed>) = 0 [pid 6316] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6315] <... futex resumed>) = 0 [pid 6316] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6315] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6316] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = 1 [pid 6316] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6315] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6315] <... futex resumed>) = 0 [pid 6315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6316] <... openat resumed>) = 6 [pid 6315] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6316] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... mprotect resumed>) = 0 [pid 6315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6316] <... futex resumed>) = 0 [pid 6316] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6317 attached [pid 6315] <... clone3 resumed> => {parent_tid=[6317]}, 88) = 6317 [pid 6317] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6317] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 135.679735][ T6316] loop0: detected capacity change from 0 to 64 [pid 6315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6315] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6315] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6317] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6317] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] <... futex resumed>) = 0 [pid 6315] exit_group(0 [pid 6317] <... futex resumed>) = ? [pid 6317] +++ exited with 0 +++ [pid 6316] <... futex resumed>) = ? [pid 6315] <... exit_group resumed>) = ? [pid 6316] +++ exited with 0 +++ [pid 6315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6315, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./423/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./423/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./423/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./423/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/bus") = 0 umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./423/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6318 attached [pid 6318] set_robust_list(0x5555564f6760, 24) = 0 [pid 6318] chdir("./424") = 0 [pid 6318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6318] setpgid(0, 0) = 0 [pid 6318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6318 [pid 6318] <... openat resumed>) = 3 [pid 6318] write(3, "1000", 4) = 4 [pid 6318] close(3) = 0 [pid 6318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6318] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6319 attached [pid 6319] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6318] <... clone3 resumed> => {parent_tid=[6319]}, 88) = 6319 [pid 6319] <... rseq resumed>) = 0 [pid 6319] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6319] rt_sigprocmask(SIG_SETMASK, [], [pid 6318] rt_sigprocmask(SIG_SETMASK, [], [pid 6319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6319] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6319] memfd_create("syzkaller", 0 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6319] <... memfd_create resumed>) = 3 [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6319] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6319] close(3) = 0 [pid 6319] mkdir("./bus", 0777) = 0 [pid 6319] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6319] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6319] chdir("./bus") = 0 [pid 6319] ioctl(4, LOOP_CLR_FD) = 0 [pid 6319] close(4) = 0 [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6319] memfd_create("syzkaller", 0) = 4 [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6319] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6319] munmap(0x7f6d360cf000, 32768) = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6319] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6319] ioctl(5, LOOP_CLR_FD) = 0 [pid 6319] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6319] close(5) = 0 [pid 6319] close(4) = 0 [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6319] <... futex resumed>) = 1 [pid 6319] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6319] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] <... write resumed>) = 12288 [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6319] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6319] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] <... mmap resumed>) = 0x20000000 [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6319] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 135.814454][ T6319] loop0: detected capacity change from 0 to 64 [pid 6319] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6319] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6318] <... futex resumed>) = 0 [pid 6319] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6319] <... openat resumed>) = 6 [pid 6318] <... mmap resumed>) = 0x7f6d360b6000 [pid 6318] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6319] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... mprotect resumed>) = 0 [pid 6319] <... futex resumed>) = 0 [pid 6318] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6319] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6320 attached [pid 6320] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6320] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6320] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] <... clone3 resumed> => {parent_tid=[6320]}, 88) = 6320 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6318] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6320] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6318] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6320] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6320] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] exit_group(0 [pid 6319] <... futex resumed>) = ? [pid 6318] <... exit_group resumed>) = ? [pid 6320] <... futex resumed>) = ? [pid 6319] +++ exited with 0 +++ [pid 6320] +++ exited with 0 +++ [pid 6318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6318, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./424/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./424/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./424/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./424/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/bus") = 0 umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./424/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6321 ./strace-static-x86_64: Process 6321 attached [pid 6321] set_robust_list(0x5555564f6760, 24) = 0 [pid 6321] chdir("./425") = 0 [pid 6321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6321] setpgid(0, 0) = 0 [pid 6321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6321] write(3, "1000", 4) = 4 [pid 6321] close(3) = 0 [pid 6321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6321] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6322 attached => {parent_tid=[6322]}, 88) = 6322 [pid 6322] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6321] rt_sigprocmask(SIG_SETMASK, [], [pid 6322] set_robust_list(0x7f6d468e79a0, 24 [pid 6321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6322] <... set_robust_list resumed>) = 0 [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] rt_sigprocmask(SIG_SETMASK, [], [pid 6321] <... futex resumed>) = 0 [pid 6322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6322] memfd_create("syzkaller", 0) = 3 [pid 6322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6322] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6322] close(3) = 0 [pid 6322] mkdir("./bus", 0777) = 0 [pid 6322] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6322] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6322] chdir("./bus") = 0 [pid 6322] ioctl(4, LOOP_CLR_FD) = 0 [pid 6322] close(4) = 0 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = 0 [pid 6321] <... futex resumed>) = 1 [pid 6322] memfd_create("syzkaller", 0 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6322] <... memfd_create resumed>) = 4 [pid 6322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6322] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6322] munmap(0x7f6d360cf000, 32768) = 0 [pid 6322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6322] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6322] ioctl(5, LOOP_CLR_FD) = 0 [pid 6322] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6322] close(5) = 0 [pid 6322] close(4) = 0 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = 0 [pid 6321] <... futex resumed>) = 1 [pid 6322] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... openat resumed>) = 4 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6322] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... write resumed>) = 12288 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... futex resumed>) = 1 [pid 6322] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6322] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6322] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6321] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6321] <... futex resumed>) = 0 [ 135.966057][ T6322] loop0: detected capacity change from 0 to 64 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6322] <... openat resumed>) = 6 [pid 6321] <... mmap resumed>) = 0x7f6d360b6000 [pid 6322] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6322] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] <... mprotect resumed>) = 0 [pid 6321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6323 attached [pid 6323] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6323] set_robust_list(0x7f6d360d69a0, 24 [pid 6321] <... clone3 resumed> => {parent_tid=[6323]}, 88) = 6323 [pid 6323] <... set_robust_list resumed>) = 0 [pid 6321] rt_sigprocmask(SIG_SETMASK, [], [pid 6323] rt_sigprocmask(SIG_SETMASK, [], [pid 6321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6321] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6323] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6323] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] exit_group(0 [pid 6323] <... futex resumed>) = ? [pid 6322] <... futex resumed>) = ? [pid 6321] <... exit_group resumed>) = ? [pid 6323] +++ exited with 0 +++ [pid 6322] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6321, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./425/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./425/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./425/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./425/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/bus") = 0 umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./425/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6324 attached , child_tidptr=0x5555564f6750) = 6324 [pid 6324] set_robust_list(0x5555564f6760, 24) = 0 [pid 6324] chdir("./426") = 0 [pid 6324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6324] setpgid(0, 0) = 0 [pid 6324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6324] write(3, "1000", 4) = 4 [pid 6324] close(3) = 0 [pid 6324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6324] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6325 attached => {parent_tid=[6325]}, 88) = 6325 [pid 6324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6325] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6325] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6325] memfd_create("syzkaller", 0) = 3 [pid 6325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6325] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6325] close(3) = 0 [pid 6325] mkdir("./bus", 0777) = 0 [pid 6325] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6325] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6325] chdir("./bus") = 0 [pid 6325] ioctl(4, LOOP_CLR_FD) = 0 [pid 6325] close(4) = 0 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6324] <... futex resumed>) = 0 [pid 6325] memfd_create("syzkaller", 0 [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6325] <... memfd_create resumed>) = 4 [pid 6325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6325] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6325] munmap(0x7f6d360cf000, 32768) = 0 [pid 6325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6325] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6325] ioctl(5, LOOP_CLR_FD) = 0 [pid 6325] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6325] close(5) = 0 [pid 6325] close(4) = 0 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6324] <... futex resumed>) = 0 [pid 6325] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] <... openat resumed>) = 4 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] <... write resumed>) = 12288 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] <... futex resumed>) = 0 [pid 6325] <... futex resumed>) = 1 [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6324] <... futex resumed>) = 0 [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] <... mmap resumed>) = 0x20000000 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6324] <... futex resumed>) = 0 [pid 6325] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6324] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6324] <... futex resumed>) = 0 [pid 6325] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6324] <... futex resumed>) = 0 [pid 6325] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6324] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [ 136.092529][ T6325] loop0: detected capacity change from 0 to 64 [pid 6325] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6324] <... futex resumed>) = 0 [pid 6325] <... openat resumed>) = 6 [pid 6324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6325] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] <... mmap resumed>) = 0x7f6d360b6000 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6326 attached [pid 6326] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6324] <... clone3 resumed> => {parent_tid=[6326]}, 88) = 6326 [pid 6326] <... rseq resumed>) = 0 [pid 6324] rt_sigprocmask(SIG_SETMASK, [], [pid 6326] set_robust_list(0x7f6d360d69a0, 24 [pid 6324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6326] <... set_robust_list resumed>) = 0 [pid 6324] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], [pid 6324] <... futex resumed>) = 0 [pid 6326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6324] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6326] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] <... futex resumed>) = 0 [pid 6324] exit_group(0 [pid 6325] <... futex resumed>) = ? [pid 6326] <... futex resumed>) = ? [pid 6324] <... exit_group resumed>) = ? [pid 6325] +++ exited with 0 +++ [pid 6326] +++ exited with 0 +++ [pid 6324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6324, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./426/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./426/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./426/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./426/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/bus") = 0 umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./426/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6327 ./strace-static-x86_64: Process 6327 attached [pid 6327] set_robust_list(0x5555564f6760, 24) = 0 [pid 6327] chdir("./427") = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6327] setpgid(0, 0) = 0 [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6327] write(3, "1000", 4) = 4 [pid 6327] close(3) = 0 [pid 6327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6327] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6328]}, 88) = 6328 ./strace-static-x86_64: Process 6328 attached [pid 6327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6328] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6328] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] memfd_create("syzkaller", 0) = 3 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6328] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6328] close(3) = 0 [pid 6328] mkdir("./bus", 0777) = 0 [pid 6328] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6328] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6328] chdir("./bus") = 0 [pid 6328] ioctl(4, LOOP_CLR_FD) = 0 [pid 6328] close(4) = 0 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] memfd_create("syzkaller", 0 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6328] <... memfd_create resumed>) = 4 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6328] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6328] munmap(0x7f6d360cf000, 32768) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6328] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6328] ioctl(5, LOOP_CLR_FD) = 0 [pid 6328] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6328] close(5) = 0 [ 136.223171][ T6328] loop0: detected capacity change from 0 to 64 [pid 6328] close(4) = 0 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 1 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 1 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 1 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6327] <... futex resumed>) = 1 [pid 6327] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = 0 [pid 6328] <... futex resumed>) = 1 [pid 6327] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6327] <... futex resumed>) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6328] <... openat resumed>) = 6 [pid 6327] <... mmap resumed>) = 0x7f6d360b6000 [pid 6327] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6329 attached => {parent_tid=[6329]}, 88) = 6329 [pid 6329] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], [pid 6329] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], [pid 6327] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6329] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 0 [pid 6327] exit_group(0 [pid 6329] <... futex resumed>) = ? [pid 6328] <... futex resumed>) = ? [pid 6327] <... exit_group resumed>) = ? [pid 6329] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ [pid 6327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6327, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./427/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./427/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./427/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./427/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/bus") = 0 umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./427/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6330 ./strace-static-x86_64: Process 6330 attached [pid 6330] set_robust_list(0x5555564f6760, 24) = 0 [pid 6330] chdir("./428") = 0 [pid 6330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6330] setpgid(0, 0) = 0 [pid 6330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6330] write(3, "1000", 4) = 4 [pid 6330] close(3) = 0 [pid 6330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6330] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6331 attached => {parent_tid=[6331]}, 88) = 6331 [pid 6331] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6331] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6331] memfd_create("syzkaller", 0) = 3 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6331] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6331] close(3) = 0 [pid 6331] mkdir("./bus", 0777) = 0 [pid 6331] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6331] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6331] chdir("./bus") = 0 [pid 6331] ioctl(4, LOOP_CLR_FD) = 0 [pid 6331] close(4) = 0 [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] <... futex resumed>) = 0 [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6331] <... futex resumed>) = 0 [pid 6331] memfd_create("syzkaller", 0) = 4 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6331] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6331] munmap(0x7f6d360cf000, 32768) = 0 [pid 6331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6331] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6331] ioctl(5, LOOP_CLR_FD) = 0 [pid 6331] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6331] close(5) = 0 [pid 6331] close(4) = 0 [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6330] <... futex resumed>) = 0 [pid 6331] <... openat resumed>) = 4 [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = 1 [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... futex resumed>) = 0 [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... futex resumed>) = 1 [pid 6331] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... futex resumed>) = 0 [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... futex resumed>) = 1 [pid 6331] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6331] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6331] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6330] <... futex resumed>) = 0 [pid 6330] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.366565][ T6331] loop0: detected capacity change from 0 to 64 [pid 6331] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6331] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6330] <... mmap resumed>) = 0x7f6d360b6000 [pid 6330] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6331] <... openat resumed>) = 6 [pid 6330] <... mprotect resumed>) = 0 [pid 6330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6332 attached => {parent_tid=[6332]}, 88) = 6332 [pid 6332] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6330] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] <... rseq resumed>) = 0 [pid 6332] set_robust_list(0x7f6d360d69a0, 24 [pid 6330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] <... set_robust_list resumed>) = 0 [pid 6330] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6330] <... futex resumed>) = 0 [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6330] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6331] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] <... futex resumed>) = 1 [pid 6330] <... futex resumed>) = 0 [pid 6332] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] exit_group(0 [pid 6332] <... futex resumed>) = ? [pid 6332] +++ exited with 0 +++ [pid 6331] <... futex resumed>) = ? [pid 6330] <... exit_group resumed>) = ? [pid 6331] +++ exited with 0 +++ [pid 6330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6330, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./428/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./428/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./428/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./428/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/bus") = 0 umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./428/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6333 attached , child_tidptr=0x5555564f6750) = 6333 [pid 6333] set_robust_list(0x5555564f6760, 24) = 0 [pid 6333] chdir("./429") = 0 [pid 6333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6333] setpgid(0, 0) = 0 [pid 6333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6333] write(3, "1000", 4) = 4 [pid 6333] close(3) = 0 [pid 6333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6333] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6334 attached => {parent_tid=[6334]}, 88) = 6334 [pid 6334] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6333] rt_sigprocmask(SIG_SETMASK, [], [pid 6334] set_robust_list(0x7f6d468e79a0, 24 [pid 6333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6334] <... set_robust_list resumed>) = 0 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6334] memfd_create("syzkaller", 0) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6334] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6334] close(3) = 0 [pid 6334] mkdir("./bus", 0777) = 0 [pid 6334] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6334] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6334] chdir("./bus") = 0 [pid 6334] ioctl(4, LOOP_CLR_FD) = 0 [pid 6334] close(4) = 0 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] memfd_create("syzkaller", 0) = 4 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6334] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6334] munmap(0x7f6d360cf000, 32768) = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6334] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6334] ioctl(5, LOOP_CLR_FD) = 0 [pid 6334] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6334] close(5) = 0 [pid 6334] close(4) = 0 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... openat resumed>) = 4 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6333] <... futex resumed>) = 0 [pid 6334] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... write resumed>) = 12288 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... futex resumed>) = 1 [pid 6334] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6334] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6333] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.504578][ T6334] loop0: detected capacity change from 0 to 64 [pid 6333] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6334] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6334] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] <... mprotect resumed>) = 0 [pid 6333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6335]}, 88) = 6335 ./strace-static-x86_64: Process 6335 attached [pid 6333] rt_sigprocmask(SIG_SETMASK, [], [pid 6335] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6335] <... rseq resumed>) = 0 [pid 6333] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] set_robust_list(0x7f6d360d69a0, 24 [pid 6333] <... futex resumed>) = 0 [pid 6335] <... set_robust_list resumed>) = 0 [pid 6333] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6335] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6335] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 6333] exit_group(0 [pid 6335] <... futex resumed>) = 1 [pid 6335] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] <... futex resumed>) = ? [pid 6334] +++ exited with 0 +++ [pid 6335] <... futex resumed>) = ? [pid 6333] <... exit_group resumed>) = ? [pid 6335] +++ exited with 0 +++ [pid 6333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6333, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./429/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./429/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./429/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./429/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/bus") = 0 umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./429/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6336 attached , child_tidptr=0x5555564f6750) = 6336 [pid 6336] set_robust_list(0x5555564f6760, 24) = 0 [pid 6336] chdir("./430") = 0 [pid 6336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6336] setpgid(0, 0) = 0 [pid 6336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6336] write(3, "1000", 4) = 4 [pid 6336] close(3) = 0 [pid 6336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6336] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6337 attached [pid 6337] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6337] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6337] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] <... clone3 resumed> => {parent_tid=[6337]}, 88) = 6337 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = 0 [pid 6336] <... futex resumed>) = 1 [pid 6337] memfd_create("syzkaller", 0) = 3 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6337] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6337] close(3) = 0 [pid 6337] mkdir("./bus", 0777) = 0 [pid 6337] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6337] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6337] chdir("./bus") = 0 [pid 6337] ioctl(4, LOOP_CLR_FD) = 0 [pid 6337] close(4) = 0 [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6337] memfd_create("syzkaller", 0) = 4 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6337] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6337] munmap(0x7f6d360cf000, 32768) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6337] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6337] ioctl(5, LOOP_CLR_FD) = 0 [pid 6337] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6337] close(5) = 0 [pid 6337] close(4) = 0 [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6337] <... futex resumed>) = 1 [pid 6337] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6336] <... futex resumed>) = 0 [pid 6337] <... openat resumed>) = 4 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... futex resumed>) = 1 [pid 6337] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6337] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6337] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6337] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6336] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6338 attached [pid 6338] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6336] <... clone3 resumed> => {parent_tid=[6338]}, 88) = 6338 [pid 6338] <... rseq resumed>) = 0 [pid 6338] set_robust_list(0x7f6d360d69a0, 24 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], [pid 6338] <... set_robust_list resumed>) = 0 [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], [pid 6336] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6336] <... futex resumed>) = 0 [pid 6338] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6336] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6338] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6338] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] exit_group(0 [pid 6338] <... futex resumed>) = ? [pid 6337] <... futex resumed>) = ? [pid 6336] <... exit_group resumed>) = ? [pid 6338] +++ exited with 0 +++ [pid 6337] +++ exited with 0 +++ [pid 6336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6336, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 136.645055][ T6337] loop0: detected capacity change from 0 to 64 umount2("./430/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./430/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./430/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./430/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/bus") = 0 umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./430/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6339 attached , child_tidptr=0x5555564f6750) = 6339 [pid 6339] set_robust_list(0x5555564f6760, 24) = 0 [pid 6339] chdir("./431") = 0 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6339] setpgid(0, 0) = 0 [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6339] write(3, "1000", 4) = 4 [pid 6339] close(3) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6339] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6340]}, 88) = 6340 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6340 attached [pid 6340] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6340] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6340] memfd_create("syzkaller", 0) = 3 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6340] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6340] close(3) = 0 [pid 6340] mkdir("./bus", 0777) = 0 [pid 6340] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6340] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6340] chdir("./bus") = 0 [pid 6340] ioctl(4, LOOP_CLR_FD) = 0 [pid 6340] close(4) = 0 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6340] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... futex resumed>) = 0 [pid 6339] <... futex resumed>) = 1 [pid 6340] memfd_create("syzkaller", 0 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6340] <... memfd_create resumed>) = 4 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6340] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6340] munmap(0x7f6d360cf000, 32768) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6340] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6340] ioctl(5, LOOP_CLR_FD) = 0 [pid 6340] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6340] close(5) = 0 [pid 6340] close(4) = 0 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... futex resumed>) = 1 [pid 6340] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... futex resumed>) = 1 [pid 6340] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6340] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... futex resumed>) = 0 [pid 6340] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6339] <... futex resumed>) = 1 [pid 6340] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6339] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... openat resumed>) = 5 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6339] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... futex resumed>) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6340] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6340] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6339] <... mmap resumed>) = 0x7f6d360b6000 [pid 6340] <... openat resumed>) = 6 [pid 6339] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6340] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6340] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6341 attached => {parent_tid=[6341]}, 88) = 6341 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6339] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6341] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6341] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6341] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6341] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [ 136.767873][ T6340] loop0: detected capacity change from 0 to 64 [pid 6341] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] exit_group(0 [pid 6341] <... futex resumed>) = ? [pid 6340] <... futex resumed>) = ? [pid 6339] <... exit_group resumed>) = ? [pid 6341] +++ exited with 0 +++ [pid 6340] +++ exited with 0 +++ [pid 6339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6339, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./431/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./431/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./431/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./431/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/bus") = 0 umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./431/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6342 ./strace-static-x86_64: Process 6342 attached [pid 6342] set_robust_list(0x5555564f6760, 24) = 0 [pid 6342] chdir("./432") = 0 [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6342] setpgid(0, 0) = 0 [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6342] write(3, "1000", 4) = 4 [pid 6342] close(3) = 0 [pid 6342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6342] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6343 attached => {parent_tid=[6343]}, 88) = 6343 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6343] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6343] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6343] memfd_create("syzkaller", 0) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6343] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6343] close(3) = 0 [pid 6343] mkdir("./bus", 0777) = 0 [pid 6343] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6343] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6343] chdir("./bus") = 0 [pid 6343] ioctl(4, LOOP_CLR_FD) = 0 [pid 6343] close(4) = 0 [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 6343] memfd_create("syzkaller", 0 [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6343] <... memfd_create resumed>) = 4 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6343] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6343] munmap(0x7f6d360cf000, 32768) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6343] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6343] ioctl(5, LOOP_CLR_FD) = 0 [pid 6343] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6343] close(5) = 0 [pid 6343] close(4) = 0 [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = 0 [pid 6343] <... futex resumed>) = 1 [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... openat resumed>) = 4 [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 6343] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... mmap resumed>) = 0x20000000 [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6342] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 136.914287][ T6343] loop0: detected capacity change from 0 to 64 [pid 6343] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6342] <... futex resumed>) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6343] <... openat resumed>) = 6 [pid 6343] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... mmap resumed>) = 0x7f6d360b6000 [pid 6342] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6343] <... futex resumed>) = 0 [pid 6343] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] <... mprotect resumed>) = 0 [pid 6342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6344 attached => {parent_tid=[6344]}, 88) = 6344 [pid 6344] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], [pid 6344] <... rseq resumed>) = 0 [pid 6342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6344] set_robust_list(0x7f6d360d69a0, 24 [pid 6342] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] <... set_robust_list resumed>) = 0 [pid 6344] rt_sigprocmask(SIG_SETMASK, [], [pid 6342] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6344] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6344] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = 0 [pid 6344] <... futex resumed>) = 1 [pid 6342] exit_group(0 [pid 6344] ???( [pid 6342] <... exit_group resumed>) = ? [pid 6344] <... ??? resumed>) = ? [pid 6343] <... futex resumed>) = ? [pid 6344] +++ exited with 0 +++ [pid 6343] +++ exited with 0 +++ [pid 6342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./432/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./432/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./432/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./432/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/bus") = 0 umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./432/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6345 attached , child_tidptr=0x5555564f6750) = 6345 [pid 6345] set_robust_list(0x5555564f6760, 24) = 0 [pid 6345] chdir("./433") = 0 [pid 6345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6345] setpgid(0, 0) = 0 [pid 6345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6345] write(3, "1000", 4) = 4 [pid 6345] close(3) = 0 [pid 6345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6345] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6346 attached [pid 6346] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6345] <... clone3 resumed> => {parent_tid=[6346]}, 88) = 6346 [pid 6346] <... rseq resumed>) = 0 [pid 6346] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6346] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 0 [pid 6345] <... futex resumed>) = 1 [pid 6346] memfd_create("syzkaller", 0) = 3 [pid 6346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6346] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6346] close(3) = 0 [pid 6346] mkdir("./bus", 0777) = 0 [pid 6346] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6346] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6346] chdir("./bus") = 0 [pid 6346] ioctl(4, LOOP_CLR_FD) = 0 [pid 6346] close(4) = 0 [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] memfd_create("syzkaller", 0 [pid 6345] <... futex resumed>) = 0 [pid 6346] <... memfd_create resumed>) = 4 [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6346] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6346] munmap(0x7f6d360cf000, 32768) = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6346] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6346] ioctl(5, LOOP_CLR_FD) = 0 [pid 6346] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6346] close(5) = 0 [pid 6346] close(4) = 0 [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = 1 [pid 6346] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6345] <... futex resumed>) = 0 [pid 6346] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... openat resumed>) = 4 [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = 1 [pid 6346] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6345] <... futex resumed>) = 0 [pid 6346] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... futex resumed>) = 0 [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 1 [pid 6346] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... futex resumed>) = 0 [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6346] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6345] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... futex resumed>) = 0 [pid 6345] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6346] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6346] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6345] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... openat resumed>) = 6 [pid 6345] <... futex resumed>) = 0 [pid 6345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6345] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6346] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... mprotect resumed>) = 0 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6347 attached [pid 6347] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6345] <... clone3 resumed> => {parent_tid=[6347]}, 88) = 6347 [pid 6347] <... rseq resumed>) = 0 [pid 6345] rt_sigprocmask(SIG_SETMASK, [], [pid 6347] set_robust_list(0x7f6d360d69a0, 24 [pid 6345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] <... set_robust_list resumed>) = 0 [pid 6345] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], [pid 6345] <... futex resumed>) = 0 [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 137.060321][ T6346] loop0: detected capacity change from 0 to 64 [pid 6345] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6347] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6347] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] exit_group(0 [pid 6346] <... futex resumed>) = ? [pid 6345] <... exit_group resumed>) = ? [pid 6347] <... futex resumed>) = ? [pid 6346] +++ exited with 0 +++ [pid 6347] +++ exited with 0 +++ [pid 6345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6345, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./433/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./433/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./433/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./433/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./433/bus") = 0 umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./433/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6348 attached , child_tidptr=0x5555564f6750) = 6348 [pid 6348] set_robust_list(0x5555564f6760, 24) = 0 [pid 6348] chdir("./434") = 0 [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6348] setpgid(0, 0) = 0 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6348] write(3, "1000", 4) = 4 [pid 6348] close(3) = 0 [pid 6348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6348] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6349 attached => {parent_tid=[6349]}, 88) = 6349 [pid 6349] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] <... rseq resumed>) = 0 [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6349] set_robust_list(0x7f6d468e79a0, 24 [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] <... set_robust_list resumed>) = 0 [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6349] memfd_create("syzkaller", 0) = 3 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6349] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6349] close(3) = 0 [pid 6349] mkdir("./bus", 0777) = 0 [pid 6349] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6349] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] chdir("./bus") = 0 [pid 6349] ioctl(4, LOOP_CLR_FD) = 0 [pid 6349] close(4) = 0 [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = 0 [pid 6348] <... futex resumed>) = 1 [pid 6349] memfd_create("syzkaller", 0 [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] <... memfd_create resumed>) = 4 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6349] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6349] munmap(0x7f6d360cf000, 32768) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6349] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6349] ioctl(5, LOOP_CLR_FD) = 0 [pid 6349] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6349] close(5) = 0 [pid 6349] close(4) = 0 [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... openat resumed>) = 4 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6348] <... futex resumed>) = 0 [pid 6349] <... write resumed>) = 12288 [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6348] <... futex resumed>) = 0 [pid 6349] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6348] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6349] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] <... futex resumed>) = 0 [pid 6348] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6348] <... futex resumed>) = 0 [pid 6349] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6348] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6349] <... openat resumed>) = 6 [ 137.193744][ T6349] loop0: detected capacity change from 0 to 64 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6349] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6350 attached [pid 6350] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6348] <... clone3 resumed> => {parent_tid=[6350]}, 88) = 6350 [pid 6350] set_robust_list(0x7f6d360d69a0, 24 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6350] <... set_robust_list resumed>) = 0 [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6348] <... futex resumed>) = 0 [pid 6350] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6348] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6350] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6349] <... futex resumed>) = 0 [pid 6350] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] <... futex resumed>) = 0 [pid 6350] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] exit_group(0) = ? [pid 6350] <... futex resumed>) = ? [pid 6349] <... futex resumed>) = ? [pid 6350] +++ exited with 0 +++ [pid 6349] +++ exited with 0 +++ [pid 6348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6348, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./434/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./434/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./434/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./434/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/bus") = 0 umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./434/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6351 attached [pid 6351] set_robust_list(0x5555564f6760, 24) = 0 [pid 6351] chdir("./435") = 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6351 [pid 6351] setpgid(0, 0) = 0 [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6351] write(3, "1000", 4) = 4 [pid 6351] close(3) = 0 [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6351] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6352 attached => {parent_tid=[6352]}, 88) = 6352 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6352] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6352] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6352] memfd_create("syzkaller", 0) = 3 [pid 6352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6352] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6352] close(3) = 0 [pid 6352] mkdir("./bus", 0777) = 0 [pid 6352] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6352] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6352] chdir("./bus") = 0 [pid 6352] ioctl(4, LOOP_CLR_FD) = 0 [pid 6352] close(4) = 0 [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6352] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = 0 [pid 6352] memfd_create("syzkaller", 0) = 4 [pid 6352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6351] <... futex resumed>) = 1 [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6352] <... write resumed>) = 32768 [pid 6352] munmap(0x7f6d360cf000, 32768) = 0 [pid 6352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6352] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6352] ioctl(5, LOOP_CLR_FD) = 0 [pid 6352] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6352] close(5) = 0 [pid 6352] close(4) = 0 [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6352] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = 0 [pid 6351] <... futex resumed>) = 1 [pid 6352] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... write resumed>) = 12288 [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6352] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... mmap resumed>) = 0x20000000 [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 6352] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6351] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6351] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 137.364271][ T6352] loop0: detected capacity change from 0 to 64 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6352] <... openat resumed>) = 6 [pid 6351] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6352] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] <... mprotect resumed>) = 0 [pid 6352] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6353 attached => {parent_tid=[6353]}, 88) = 6353 [pid 6353] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], [pid 6353] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6353] rt_sigprocmask(SIG_SETMASK, [], [pid 6351] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6353] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6353] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6353] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] exit_group(0 [pid 6353] <... futex resumed>) = ? [pid 6352] <... futex resumed>) = ? [pid 6351] <... exit_group resumed>) = ? [pid 6353] +++ exited with 0 +++ [pid 6352] +++ exited with 0 +++ [pid 6351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6351, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./435/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./435/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./435/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./435/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/bus") = 0 umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./435/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6354 attached , child_tidptr=0x5555564f6750) = 6354 [pid 6354] set_robust_list(0x5555564f6760, 24) = 0 [pid 6354] chdir("./436") = 0 [pid 6354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6354] setpgid(0, 0) = 0 [pid 6354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6354] write(3, "1000", 4) = 4 [pid 6354] close(3) = 0 [pid 6354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6354] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6355 attached [pid 6355] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6354] <... clone3 resumed> => {parent_tid=[6355]}, 88) = 6355 [pid 6355] <... rseq resumed>) = 0 [pid 6355] set_robust_list(0x7f6d468e79a0, 24 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], [pid 6355] <... set_robust_list resumed>) = 0 [pid 6354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6355] rt_sigprocmask(SIG_SETMASK, [], [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] <... futex resumed>) = 0 [pid 6355] memfd_create("syzkaller", 0 [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6355] <... memfd_create resumed>) = 3 [pid 6355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6355] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6355] close(3) = 0 [pid 6355] mkdir("./bus", 0777) = 0 [pid 6355] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6355] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6355] chdir("./bus") = 0 [pid 6355] ioctl(4, LOOP_CLR_FD) = 0 [pid 6355] close(4) = 0 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = 0 [pid 6354] <... futex resumed>) = 1 [pid 6355] memfd_create("syzkaller", 0 [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6355] <... memfd_create resumed>) = 4 [pid 6355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6355] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6355] munmap(0x7f6d360cf000, 32768) = 0 [pid 6355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6355] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6355] ioctl(5, LOOP_CLR_FD) = 0 [pid 6355] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6355] close(5) = 0 [pid 6355] close(4) = 0 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6354] <... futex resumed>) = 0 [pid 6355] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... openat resumed>) = 4 [ 137.503800][ T6355] loop0: detected capacity change from 0 to 64 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6354] <... futex resumed>) = 0 [pid 6355] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... write resumed>) = 12288 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6354] <... futex resumed>) = 0 [pid 6355] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... mmap resumed>) = 0x20000000 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6354] <... futex resumed>) = 0 [pid 6355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6354] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6354] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6355] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6354] <... mmap resumed>) = 0x7f6d360b6000 [pid 6354] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6355] <... openat resumed>) = 6 [pid 6354] <... mprotect resumed>) = 0 [pid 6355] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6356 attached => {parent_tid=[6356]}, 88) = 6356 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6354] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6354] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... rseq resumed>) = 0 [pid 6356] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6356] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6356] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] <... futex resumed>) = 0 [pid 6354] exit_group(0) = ? [pid 6356] <... futex resumed>) = ? [pid 6355] <... futex resumed>) = ? [pid 6356] +++ exited with 0 +++ [pid 6355] +++ exited with 0 +++ [pid 6354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6354, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./436/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./436/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./436/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./436/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/bus") = 0 umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./436/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6357 attached , child_tidptr=0x5555564f6750) = 6357 [pid 6357] set_robust_list(0x5555564f6760, 24) = 0 [pid 6357] chdir("./437") = 0 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6357] setpgid(0, 0) = 0 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6357] write(3, "1000", 4) = 4 [pid 6357] close(3) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6357] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6358]}, 88) = 6358 ./strace-static-x86_64: Process 6358 attached [pid 6358] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6358] <... rseq resumed>) = 0 [pid 6358] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6358] memfd_create("syzkaller", 0) = 3 [pid 6358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6358] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6358] close(3) = 0 [pid 6358] mkdir("./bus", 0777) = 0 [pid 6358] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6358] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6358] chdir("./bus") = 0 [pid 6358] ioctl(4, LOOP_CLR_FD) = 0 [pid 6358] close(4) = 0 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6358] memfd_create("syzkaller", 0 [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6358] <... memfd_create resumed>) = 4 [pid 6358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6358] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6358] munmap(0x7f6d360cf000, 32768) = 0 [pid 6358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6358] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6358] ioctl(5, LOOP_CLR_FD) = 0 [pid 6358] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6358] close(5) = 0 [pid 6358] close(4) = 0 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] <... futex resumed>) = 0 [pid 6358] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... openat resumed>) = 4 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6358] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... write resumed>) = 12288 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6358] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... mmap resumed>) = 0x20000000 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6358] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6357] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] <... futex resumed>) = 0 [pid 6357] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6358] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6358] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6357] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... openat resumed>) = 6 [pid 6357] <... futex resumed>) = 0 [pid 6358] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6358] <... futex resumed>) = 0 [pid 6357] <... mmap resumed>) = 0x7f6d360b6000 [pid 6358] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6359]}, 88) = 6359 ./strace-static-x86_64: Process 6359 attached [pid 6359] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6359] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6359] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6357] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6359] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6357] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6359] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] <... futex resumed>) = 0 [pid 6359] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6357] exit_group(0) = ? [pid 6358] <... futex resumed>) = ? [pid 6359] <... futex resumed>) = ? [pid 6358] +++ exited with 0 +++ [pid 6359] +++ exited with 0 +++ [pid 6357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 137.655659][ T6358] loop0: detected capacity change from 0 to 64 umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./437/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./437/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./437/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./437/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/bus") = 0 umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./437/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6360 attached , child_tidptr=0x5555564f6750) = 6360 [pid 6360] set_robust_list(0x5555564f6760, 24) = 0 [pid 6360] chdir("./438") = 0 [pid 6360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6360] setpgid(0, 0) = 0 [pid 6360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6360] write(3, "1000", 4) = 4 [pid 6360] close(3) = 0 [pid 6360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6360] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6361 attached [pid 6361] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6360] <... clone3 resumed> => {parent_tid=[6361]}, 88) = 6361 [pid 6361] <... rseq resumed>) = 0 [pid 6360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6361] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6360] <... futex resumed>) = 0 [pid 6361] memfd_create("syzkaller", 0) = 3 [pid 6361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6361] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6361] close(3) = 0 [pid 6361] mkdir("./bus", 0777) = 0 [pid 6361] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6361] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6361] chdir("./bus") = 0 [pid 6361] ioctl(4, LOOP_CLR_FD) = 0 [pid 6361] close(4) = 0 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6360] <... futex resumed>) = 0 [pid 6361] memfd_create("syzkaller", 0 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6361] <... memfd_create resumed>) = 4 [pid 6361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6361] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6361] munmap(0x7f6d360cf000, 32768) = 0 [pid 6361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6361] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6361] ioctl(5, LOOP_CLR_FD) = 0 [pid 6361] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6361] close(5) = 0 [pid 6361] close(4) = 0 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... openat resumed>) = 4 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6360] <... futex resumed>) = 0 [pid 6361] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... write resumed>) = 12288 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... mmap resumed>) = 0x20000000 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6360] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6360] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6361] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6360] <... mmap resumed>) = 0x7f6d360b6000 [pid 6361] <... openat resumed>) = 6 [pid 6361] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6361] <... futex resumed>) = 0 [pid 6360] <... mprotect resumed>) = 0 [pid 6361] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6362 attached [pid 6362] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6362] set_robust_list(0x7f6d360d69a0, 24) = 0 [ 137.788841][ T6361] loop0: detected capacity change from 0 to 64 [pid 6362] rt_sigprocmask(SIG_SETMASK, [], [pid 6360] <... clone3 resumed> => {parent_tid=[6362]}, 88) = 6362 [pid 6362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6362] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6360] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] <... futex resumed>) = 0 [pid 6362] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6362] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6362] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] exit_group(0 [pid 6362] <... futex resumed>) = ? [pid 6361] <... futex resumed>) = ? [pid 6360] <... exit_group resumed>) = ? [pid 6361] +++ exited with 0 +++ [pid 6362] +++ exited with 0 +++ [pid 6360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6360, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./438/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./438/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./438/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./438/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/bus") = 0 umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./438/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6363 ./strace-static-x86_64: Process 6363 attached [pid 6363] set_robust_list(0x5555564f6760, 24) = 0 [pid 6363] chdir("./439") = 0 [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6363] setpgid(0, 0) = 0 [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6363] write(3, "1000", 4) = 4 [pid 6363] close(3) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6363] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6364 attached [pid 6364] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6363] <... clone3 resumed> => {parent_tid=[6364]}, 88) = 6364 [pid 6364] set_robust_list(0x7f6d468e79a0, 24 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], [pid 6364] <... set_robust_list resumed>) = 0 [pid 6363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6364] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6363] <... futex resumed>) = 0 [pid 6364] memfd_create("syzkaller", 0 [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6364] <... memfd_create resumed>) = 3 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6364] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6364] close(3) = 0 [pid 6364] mkdir("./bus", 0777) = 0 [pid 6364] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6364] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6364] chdir("./bus") = 0 [pid 6364] ioctl(4, LOOP_CLR_FD) = 0 [pid 6364] close(4) = 0 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] memfd_create("syzkaller", 0 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6364] <... memfd_create resumed>) = 4 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6364] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6364] munmap(0x7f6d360cf000, 32768) = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6364] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6364] ioctl(5, LOOP_CLR_FD) = 0 [pid 6364] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6364] close(5) = 0 [pid 6364] close(4) = 0 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... openat resumed>) = 4 [ 137.924807][ T6364] loop0: detected capacity change from 0 to 64 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6364] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6364] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... write resumed>) = 12288 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6364] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6364] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... mmap resumed>) = 0x20000000 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6363] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6364] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6363] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6363] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6364] <... openat resumed>) = 6 [pid 6364] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... mprotect resumed>) = 0 [pid 6364] <... futex resumed>) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6364] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6365 attached [pid 6365] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6363] <... clone3 resumed> => {parent_tid=[6365]}, 88) = 6365 [pid 6365] <... rseq resumed>) = 0 [pid 6365] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6365] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6363] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6365] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6363] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6365] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6365] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] exit_group(0 [pid 6365] <... futex resumed>) = ? [pid 6364] <... futex resumed>) = ? [pid 6363] <... exit_group resumed>) = ? [pid 6365] +++ exited with 0 +++ [pid 6364] +++ exited with 0 +++ [pid 6363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6363, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./439/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./439/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./439/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./439/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/bus") = 0 umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./439/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6366 ./strace-static-x86_64: Process 6366 attached [pid 6366] set_robust_list(0x5555564f6760, 24) = 0 [pid 6366] chdir("./440") = 0 [pid 6366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6366] setpgid(0, 0) = 0 [pid 6366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6366] write(3, "1000", 4) = 4 [pid 6366] close(3) = 0 [pid 6366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6366] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6367 attached [pid 6367] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6367] set_robust_list(0x7f6d468e79a0, 24 [pid 6366] <... clone3 resumed> => {parent_tid=[6367]}, 88) = 6367 [pid 6367] <... set_robust_list resumed>) = 0 [pid 6367] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6367] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = 0 [pid 6366] <... futex resumed>) = 1 [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6367] memfd_create("syzkaller", 0) = 3 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6367] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6367] close(3) = 0 [pid 6367] mkdir("./bus", 0777) = 0 [pid 6367] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6367] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6367] chdir("./bus") = 0 [pid 6367] ioctl(4, LOOP_CLR_FD) = 0 [pid 6367] close(4) = 0 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6367] memfd_create("syzkaller", 0) = 4 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6367] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6367] munmap(0x7f6d360cf000, 32768) = 0 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6367] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6367] ioctl(5, LOOP_CLR_FD) = 0 [pid 6367] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6367] close(5) = 0 [pid 6367] close(4) = 0 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6367] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6367] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6367] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... write resumed>) = 12288 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6367] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = 0 [pid 6366] <... futex resumed>) = 1 [pid 6367] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6366] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 138.081350][ T6367] loop0: detected capacity change from 0 to 64 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6367] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6366] <... mmap resumed>) = 0x7f6d360b6000 [pid 6366] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6368 attached => {parent_tid=[6368]}, 88) = 6368 [pid 6368] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6368] <... rseq resumed>) = 0 [pid 6368] set_robust_list(0x7f6d360d69a0, 24 [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6368] <... set_robust_list resumed>) = 0 [pid 6366] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] <... futex resumed>) = 0 [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6368] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6366] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6368] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6368] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6368] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6367] <... openat resumed>) = 6 [pid 6367] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] exit_group(0 [pid 6367] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6366] <... exit_group resumed>) = ? [pid 6368] <... futex resumed>) = ? [pid 6367] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ [pid 6366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6366, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./440/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./440/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./440/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./440/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/bus") = 0 umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./440/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6369 attached , child_tidptr=0x5555564f6750) = 6369 [pid 6369] set_robust_list(0x5555564f6760, 24) = 0 [pid 6369] chdir("./441") = 0 [pid 6369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6369] setpgid(0, 0) = 0 [pid 6369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6369] write(3, "1000", 4) = 4 [pid 6369] close(3) = 0 [pid 6369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6369] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6370]}, 88) = 6370 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6370 attached [pid 6370] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6369] <... futex resumed>) = 0 [pid 6370] <... rseq resumed>) = 0 [pid 6370] set_robust_list(0x7f6d468e79a0, 24 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6370] <... set_robust_list resumed>) = 0 [pid 6370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6370] memfd_create("syzkaller", 0) = 3 [pid 6370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6370] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6370] close(3) = 0 [pid 6370] mkdir("./bus", 0777) = 0 [pid 6370] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6370] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6370] chdir("./bus") = 0 [pid 6370] ioctl(4, LOOP_CLR_FD) = 0 [pid 6370] close(4) = 0 [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6370] memfd_create("syzkaller", 0 [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] <... memfd_create resumed>) = 4 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6370] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6370] munmap(0x7f6d360cf000, 32768) = 0 [pid 6370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6370] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6370] ioctl(5, LOOP_CLR_FD) = 0 [pid 6370] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6370] close(5) = 0 [pid 6370] close(4) = 0 [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6370] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6369] <... futex resumed>) = 0 [pid 6370] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... futex resumed>) = 1 [pid 6370] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] <... futex resumed>) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6370] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... mmap resumed>) = 0x20000000 [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6370] <... futex resumed>) = 1 [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] <... futex resumed>) = 1 [pid 6369] <... futex resumed>) = 0 [pid 6370] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6369] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6369] <... futex resumed>) = 0 [pid 6370] <... openat resumed>) = 6 [pid 6369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6369] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6370] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6370] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6371 attached [pid 6371] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6369] <... clone3 resumed> => {parent_tid=[6371]}, 88) = 6371 [pid 6371] <... rseq resumed>) = 0 [pid 6371] set_robust_list(0x7f6d360d69a0, 24 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], [pid 6371] <... set_robust_list resumed>) = 0 [pid 6371] rt_sigprocmask(SIG_SETMASK, [], [pid 6369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6369] <... futex resumed>) = 0 [pid 6371] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6371] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] <... futex resumed>) = 0 [pid 6369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] exit_group(0 [pid 6370] <... futex resumed>) = ? [ 138.217143][ T6370] loop0: detected capacity change from 0 to 64 [pid 6370] +++ exited with 0 +++ [pid 6371] <... futex resumed>) = ? [pid 6369] <... exit_group resumed>) = ? [pid 6371] +++ exited with 0 +++ [pid 6369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6369, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./441/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./441/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./441/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./441/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/bus") = 0 umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./441/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6372 attached , child_tidptr=0x5555564f6750) = 6372 [pid 6372] set_robust_list(0x5555564f6760, 24) = 0 [pid 6372] chdir("./442") = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6372] setpgid(0, 0) = 0 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6372] write(3, "1000", 4) = 4 [pid 6372] close(3) = 0 [pid 6372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6372] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6373 attached => {parent_tid=[6373]}, 88) = 6373 [pid 6372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6373] <... rseq resumed>) = 0 [pid 6373] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6373] memfd_create("syzkaller", 0) = 3 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6373] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6373] close(3) = 0 [pid 6373] mkdir("./bus", 0777) = 0 [pid 6373] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6373] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6373] chdir("./bus") = 0 [pid 6373] ioctl(4, LOOP_CLR_FD) = 0 [pid 6373] close(4) = 0 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6373] memfd_create("syzkaller", 0 [pid 6372] <... futex resumed>) = 0 [pid 6373] <... memfd_create resumed>) = 4 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6373] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6373] munmap(0x7f6d360cf000, 32768) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6373] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6373] ioctl(5, LOOP_CLR_FD) = 0 [pid 6373] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6373] close(5) = 0 [pid 6373] close(4) = 0 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... write resumed>) = 12288 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... mmap resumed>) = 0x20000000 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6373] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6373] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6372] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6372] <... futex resumed>) = 0 [pid 6373] <... openat resumed>) = 6 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6373] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 138.325815][ T6373] loop0: detected capacity change from 0 to 64 [pid 6372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6374 attached => {parent_tid=[6374]}, 88) = 6374 [pid 6374] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6374] <... rseq resumed>) = 0 [pid 6372] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6374] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6374] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6374] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6374] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] exit_group(0 [pid 6374] <... futex resumed>) = ? [pid 6373] <... futex resumed>) = ? [pid 6374] +++ exited with 0 +++ [pid 6373] +++ exited with 0 +++ [pid 6372] <... exit_group resumed>) = ? [pid 6372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6372, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./442/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./442/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./442/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./442/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/bus") = 0 umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./442/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6375 ./strace-static-x86_64: Process 6375 attached [pid 6375] set_robust_list(0x5555564f6760, 24) = 0 [pid 6375] chdir("./443") = 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6375] setpgid(0, 0) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6375] write(3, "1000", 4) = 4 [pid 6375] close(3) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6375] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6376 attached => {parent_tid=[6376]}, 88) = 6376 [pid 6376] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 6376] set_robust_list(0x7f6d468e79a0, 24 [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6376] <... set_robust_list resumed>) = 0 [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] <... futex resumed>) = 0 [pid 6376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6376] memfd_create("syzkaller", 0) = 3 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6376] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6376] close(3) = 0 [pid 6376] mkdir("./bus", 0777) = 0 [pid 6376] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6376] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./bus") = 0 [pid 6376] ioctl(4, LOOP_CLR_FD) = 0 [pid 6376] close(4) = 0 [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] memfd_create("syzkaller", 0 [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6376] <... memfd_create resumed>) = 4 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6376] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6376] munmap(0x7f6d360cf000, 32768) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6376] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6376] ioctl(5, LOOP_CLR_FD) = 0 [pid 6376] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6376] close(5) = 0 [pid 6376] close(4) = 0 [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = 0 [pid 6375] <... futex resumed>) = 1 [pid 6376] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... openat resumed>) = 4 [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6376] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... write resumed>) = 12288 [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... mmap resumed>) = 0x20000000 [pid 6375] <... futex resumed>) = 0 [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... futex resumed>) = 0 [pid 6375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6376] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6376] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6375] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6375] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6377]}, 88) = 6377 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6377 attached NULL, 8) = 0 [pid 6377] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6375] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6377] <... rseq resumed>) = 0 [pid 6376] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6377] set_robust_list(0x7f6d360d69a0, 24 [pid 6376] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6375] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6377] <... set_robust_list resumed>) = 0 [pid 6376] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6376] <... openat resumed>) = 6 [pid 6377] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6376] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6376] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 138.468528][ T6376] loop0: detected capacity change from 0 to 64 [pid 6377] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6375] exit_group(0) = ? [pid 6376] <... futex resumed>) = ? [pid 6376] +++ exited with 0 +++ [pid 6377] <... futex resumed>) = ? [pid 6377] +++ exited with 0 +++ [pid 6375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./443/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./443/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./443/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./443/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/bus") = 0 umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./443/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6378 attached , child_tidptr=0x5555564f6750) = 6378 [pid 6378] set_robust_list(0x5555564f6760, 24) = 0 [pid 6378] chdir("./444") = 0 [pid 6378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6378] setpgid(0, 0) = 0 [pid 6378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6378] write(3, "1000", 4) = 4 [pid 6378] close(3) = 0 [pid 6378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6378] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6379 attached => {parent_tid=[6379]}, 88) = 6379 [pid 6379] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], [pid 6379] <... rseq resumed>) = 0 [pid 6379] set_robust_list(0x7f6d468e79a0, 24 [pid 6378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6379] <... set_robust_list resumed>) = 0 [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] rt_sigprocmask(SIG_SETMASK, [], [pid 6378] <... futex resumed>) = 0 [pid 6379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6379] memfd_create("syzkaller", 0) = 3 [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6379] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6379] close(3) = 0 [pid 6379] mkdir("./bus", 0777) = 0 [pid 6379] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6379] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6379] chdir("./bus") = 0 [pid 6379] ioctl(4, LOOP_CLR_FD) = 0 [pid 6379] close(4) = 0 [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] memfd_create("syzkaller", 0 [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6379] <... memfd_create resumed>) = 4 [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6379] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6379] munmap(0x7f6d360cf000, 32768) = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6379] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6379] ioctl(5, LOOP_CLR_FD) = 0 [pid 6379] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6379] close(5) = 0 [pid 6379] close(4) = 0 [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6379] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 138.588324][ T6379] loop0: detected capacity change from 0 to 64 [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... openat resumed>) = 4 [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... write resumed>) = 12288 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6378] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6378] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... openat resumed>) = 6 [pid 6378] <... futex resumed>) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6379] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... mmap resumed>) = 0x7f6d360b6000 [pid 6378] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6379] <... futex resumed>) = 0 [pid 6378] <... mprotect resumed>) = 0 [pid 6379] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6380 attached [pid 6380] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6378] <... clone3 resumed> => {parent_tid=[6380]}, 88) = 6380 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6378] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... rseq resumed>) = 0 [pid 6380] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6380] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6380] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6380] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] <... futex resumed>) = 0 [pid 6378] exit_group(0 [pid 6379] <... futex resumed>) = ? [pid 6380] <... futex resumed>) = ? [pid 6379] +++ exited with 0 +++ [pid 6378] <... exit_group resumed>) = ? [pid 6380] +++ exited with 0 +++ [pid 6378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6378, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./444/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./444/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./444/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./444/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/bus") = 0 umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./444/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6381 attached , child_tidptr=0x5555564f6750) = 6381 [pid 6381] set_robust_list(0x5555564f6760, 24) = 0 [pid 6381] chdir("./445") = 0 [pid 6381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6381] setpgid(0, 0) = 0 [pid 6381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6381] write(3, "1000", 4) = 4 [pid 6381] close(3) = 0 [pid 6381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6381] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6382 attached [pid 6382] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6381] <... clone3 resumed> => {parent_tid=[6382]}, 88) = 6382 [pid 6382] <... rseq resumed>) = 0 [pid 6382] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6382] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = 0 [pid 6381] <... futex resumed>) = 1 [pid 6382] memfd_create("syzkaller", 0) = 3 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6382] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6382] close(3) = 0 [pid 6382] mkdir("./bus", 0777) = 0 [pid 6382] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6382] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6382] chdir("./bus") = 0 [pid 6382] ioctl(4, LOOP_CLR_FD) = 0 [pid 6382] close(4) = 0 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] <... futex resumed>) = 0 [pid 6382] <... futex resumed>) = 1 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] memfd_create("syzkaller", 0 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6382] <... memfd_create resumed>) = 4 [pid 6382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6382] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6382] munmap(0x7f6d360cf000, 32768) = 0 [pid 6382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6382] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6382] ioctl(5, LOOP_CLR_FD) = 0 [pid 6382] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6382] close(5) = 0 [pid 6382] close(4) = 0 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... openat resumed>) = 4 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 138.744949][ T6382] loop0: detected capacity change from 0 to 64 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = 0 [pid 6381] <... futex resumed>) = 1 [pid 6382] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... mmap resumed>) = 0x20000000 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6382] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6381] <... futex resumed>) = 0 [pid 6381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6381] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6382] <... openat resumed>) = 6 [pid 6382] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6383 attached [pid 6382] <... futex resumed>) = 0 [pid 6383] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6381] <... clone3 resumed> => {parent_tid=[6383]}, 88) = 6383 [pid 6383] <... rseq resumed>) = 0 [pid 6381] rt_sigprocmask(SIG_SETMASK, [], [pid 6383] set_robust_list(0x7f6d360d69a0, 24 [pid 6381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6383] <... set_robust_list resumed>) = 0 [pid 6381] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] <... futex resumed>) = 0 [pid 6383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6381] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6382] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6383] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6383] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6383] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] exit_group(0 [pid 6383] <... futex resumed>) = ? [pid 6382] <... futex resumed>) = ? [pid 6381] <... exit_group resumed>) = ? [pid 6383] +++ exited with 0 +++ [pid 6382] +++ exited with 0 +++ [pid 6381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6381, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./445/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./445/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./445/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./445/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/bus") = 0 umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./445/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6384 attached , child_tidptr=0x5555564f6750) = 6384 [pid 6384] set_robust_list(0x5555564f6760, 24) = 0 [pid 6384] chdir("./446") = 0 [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6384] setpgid(0, 0) = 0 [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6384] write(3, "1000", 4) = 4 [pid 6384] close(3) = 0 [pid 6384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6384] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6385 attached => {parent_tid=[6385]}, 88) = 6385 [pid 6385] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] <... rseq resumed>) = 0 [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] set_robust_list(0x7f6d468e79a0, 24 [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... set_robust_list resumed>) = 0 [pid 6384] <... futex resumed>) = 0 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] memfd_create("syzkaller", 0) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6385] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6385] close(3) = 0 [pid 6385] mkdir("./bus", 0777) = 0 [pid 6385] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6385] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6385] chdir("./bus") = 0 [pid 6385] ioctl(4, LOOP_CLR_FD) = 0 [pid 6385] close(4) = 0 [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] memfd_create("syzkaller", 0) = 4 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6385] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6385] munmap(0x7f6d360cf000, 32768) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6385] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6385] ioctl(5, LOOP_CLR_FD) = 0 [pid 6385] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6385] close(5) = 0 [pid 6385] close(4) = 0 [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... openat resumed>) = 4 [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... futex resumed>) = 1 [pid 6385] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... futex resumed>) = 1 [pid 6385] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... futex resumed>) = 1 [pid 6385] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6385] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6384] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] <... futex resumed>) = 1 [pid 6385] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6385] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6386 attached [pid 6385] <... openat resumed>) = 6 [pid 6386] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6384] <... clone3 resumed> => {parent_tid=[6386]}, 88) = 6386 [pid 6386] <... rseq resumed>) = 0 [pid 6386] set_robust_list(0x7f6d360d69a0, 24 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6386] <... set_robust_list resumed>) = 0 [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] <... futex resumed>) = 0 [pid 6384] <... futex resumed>) = 0 [pid 6386] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6385] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6386] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] exit_group(0 [pid 6386] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = ? [pid 6385] +++ exited with 0 +++ [pid 6384] <... exit_group resumed>) = ? [pid 6386] +++ exited with 0 +++ [pid 6384] +++ exited with 0 +++ [ 138.904284][ T6385] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6384, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./446", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./446/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./446/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./446/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./446/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/bus") = 0 umount2("./446/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./446/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6387 attached , child_tidptr=0x5555564f6750) = 6387 [pid 6387] set_robust_list(0x5555564f6760, 24) = 0 [pid 6387] chdir("./447") = 0 [pid 6387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6387] setpgid(0, 0) = 0 [pid 6387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6387] write(3, "1000", 4) = 4 [pid 6387] close(3) = 0 [pid 6387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6387] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6388 attached => {parent_tid=[6388]}, 88) = 6388 [pid 6388] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6387] rt_sigprocmask(SIG_SETMASK, [], [pid 6388] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6388] rt_sigprocmask(SIG_SETMASK, [], [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6387] <... futex resumed>) = 0 [pid 6388] memfd_create("syzkaller", 0 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6388] <... memfd_create resumed>) = 3 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6388] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6388] close(3) = 0 [pid 6388] mkdir("./bus", 0777) = 0 [pid 6388] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6388] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6388] chdir("./bus") = 0 [pid 6388] ioctl(4, LOOP_CLR_FD) = 0 [pid 6388] close(4) = 0 [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] memfd_create("syzkaller", 0 [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6388] <... memfd_create resumed>) = 4 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6388] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6388] munmap(0x7f6d360cf000, 32768) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6388] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6388] ioctl(5, LOOP_CLR_FD) = 0 [pid 6388] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6388] close(5) = 0 [pid 6388] close(4) = 0 [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6388] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... futex resumed>) = 0 [pid 6388] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... openat resumed>) = 4 [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6388] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... mmap resumed>) = 0x20000000 [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6387] <... futex resumed>) = 0 [pid 6388] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6387] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... openat resumed>) = 5 [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 1 [pid 6388] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6387] <... futex resumed>) = 0 [pid 6388] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6387] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] <... openat resumed>) = 6 [pid 6387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6388] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] <... mmap resumed>) = 0x7f6d360b6000 [pid 6387] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6389]}, 88) = 6389 [pid 6387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6387] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6389 attached [pid 6389] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6389] set_robust_list(0x7f6d360d69a0, 24 [pid 6387] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... set_robust_list resumed>) = 0 [ 139.049751][ T6388] loop0: detected capacity change from 0 to 64 [pid 6389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6389] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6389] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] <... futex resumed>) = 0 [pid 6389] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] exit_group(0 [pid 6388] <... futex resumed>) = ? [pid 6389] <... futex resumed>) = ? [pid 6387] <... exit_group resumed>) = ? [pid 6388] +++ exited with 0 +++ [pid 6389] +++ exited with 0 +++ [pid 6387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6387, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./447", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./447/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./447/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./447/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./447/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/bus") = 0 umount2("./447/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./447/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6390 attached , child_tidptr=0x5555564f6750) = 6390 [pid 6390] set_robust_list(0x5555564f6760, 24) = 0 [pid 6390] chdir("./448") = 0 [pid 6390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6390] setpgid(0, 0) = 0 [pid 6390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6390] write(3, "1000", 4) = 4 [pid 6390] close(3) = 0 [pid 6390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6390] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6391 attached => {parent_tid=[6391]}, 88) = 6391 [pid 6391] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], [pid 6391] <... rseq resumed>) = 0 [pid 6391] set_robust_list(0x7f6d468e79a0, 24 [pid 6390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6391] <... set_robust_list resumed>) = 0 [pid 6391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6391] memfd_create("syzkaller", 0) = 3 [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6391] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6391] close(3) = 0 [pid 6391] mkdir("./bus", 0777) = 0 [pid 6391] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6391] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6391] chdir("./bus") = 0 [pid 6391] ioctl(4, LOOP_CLR_FD) = 0 [pid 6391] close(4) = 0 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] memfd_create("syzkaller", 0) = 4 [pid 6390] <... futex resumed>) = 0 [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6391] <... mmap resumed>) = 0x7f6d360cf000 [pid 6391] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6391] munmap(0x7f6d360cf000, 32768) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6391] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6391] ioctl(5, LOOP_CLR_FD) = 0 [pid 6391] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6391] close(5) = 0 [pid 6391] close(4) = 0 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] <... openat resumed>) = 4 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 1 [pid 6390] <... futex resumed>) = 0 [pid 6391] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6390] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6391] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6390] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6390] <... futex resumed>) = 0 [pid 6391] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6390] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... openat resumed>) = 6 [pid 6390] <... futex resumed>) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [ 139.168083][ T6391] loop0: detected capacity change from 0 to 64 [pid 6391] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6391] <... futex resumed>) = 0 [pid 6390] <... mprotect resumed>) = 0 [pid 6391] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6392 attached => {parent_tid=[6392]}, 88) = 6392 [pid 6392] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], [pid 6392] <... rseq resumed>) = 0 [pid 6390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6390] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6392] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6392] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6390] <... futex resumed>) = 0 [pid 6392] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] exit_group(0) = ? [pid 6392] <... futex resumed>) = ? [pid 6391] <... futex resumed>) = ? [pid 6391] +++ exited with 0 +++ [pid 6392] +++ exited with 0 +++ [pid 6390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6390, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./448", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./448/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./448/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./448/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./448/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/bus") = 0 umount2("./448/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./448/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6393 attached , child_tidptr=0x5555564f6750) = 6393 [pid 6393] set_robust_list(0x5555564f6760, 24) = 0 [pid 6393] chdir("./449") = 0 [pid 6393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6393] setpgid(0, 0) = 0 [pid 6393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6393] write(3, "1000", 4) = 4 [pid 6393] close(3) = 0 [pid 6393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6393] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6394 attached [pid 6394] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6394] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6394] rt_sigprocmask(SIG_SETMASK, [], [pid 6393] <... clone3 resumed> => {parent_tid=[6394]}, 88) = 6394 [pid 6394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6394] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... futex resumed>) = 0 [pid 6393] <... futex resumed>) = 1 [pid 6394] memfd_create("syzkaller", 0 [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6394] <... memfd_create resumed>) = 3 [pid 6394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6394] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6394] close(3) = 0 [pid 6394] mkdir("./bus", 0777) = 0 [pid 6394] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6394] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6394] chdir("./bus") = 0 [pid 6394] ioctl(4, LOOP_CLR_FD) = 0 [pid 6394] close(4) = 0 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6394] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... futex resumed>) = 0 [pid 6393] <... futex resumed>) = 1 [pid 6394] memfd_create("syzkaller", 0 [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6394] <... memfd_create resumed>) = 4 [pid 6394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6394] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6394] munmap(0x7f6d360cf000, 32768) = 0 [pid 6394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6394] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6394] ioctl(5, LOOP_CLR_FD) = 0 [pid 6394] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6394] close(5) = 0 [pid 6394] close(4) = 0 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... futex resumed>) = 1 [pid 6394] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... futex resumed>) = 1 [pid 6394] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6393] <... futex resumed>) = 0 [pid 6394] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6393] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 139.310404][ T6394] loop0: detected capacity change from 0 to 64 [pid 6394] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6393] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6395]}, 88) = 6395 ./strace-static-x86_64: Process 6395 attached [pid 6394] <... futex resumed>) = 1 [pid 6393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6393] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6395] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6394] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6395] <... rseq resumed>) = 0 [pid 6395] set_robust_list(0x7f6d360d69a0, 24 [pid 6394] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6395] <... set_robust_list resumed>) = 0 [pid 6395] rt_sigprocmask(SIG_SETMASK, [], [pid 6394] <... openat resumed>) = 6 [pid 6395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6394] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6395] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6394] <... futex resumed>) = 0 [pid 6394] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6395] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6395] <... futex resumed>) = 1 [pid 6393] exit_group(0 [pid 6394] <... futex resumed>) = ? [pid 6393] <... exit_group resumed>) = ? [pid 6395] +++ exited with 0 +++ [pid 6394] +++ exited with 0 +++ [pid 6393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6393, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./449", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./449/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./449/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./449/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./449/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/bus") = 0 umount2("./449/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./449/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6396 attached , child_tidptr=0x5555564f6750) = 6396 [pid 6396] set_robust_list(0x5555564f6760, 24) = 0 [pid 6396] chdir("./450") = 0 [pid 6396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6396] setpgid(0, 0) = 0 [pid 6396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6396] write(3, "1000", 4) = 4 [pid 6396] close(3) = 0 [pid 6396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6396] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6397 attached => {parent_tid=[6397]}, 88) = 6397 [pid 6397] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], [pid 6397] <... rseq resumed>) = 0 [pid 6396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6397] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] <... futex resumed>) = 0 [pid 6397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6397] memfd_create("syzkaller", 0) = 3 [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6397] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6397] close(3) = 0 [pid 6397] mkdir("./bus", 0777) = 0 [pid 6397] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6397] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6397] chdir("./bus") = 0 [pid 6397] ioctl(4, LOOP_CLR_FD) = 0 [pid 6397] close(4) = 0 [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6397] memfd_create("syzkaller", 0 [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6397] <... memfd_create resumed>) = 4 [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6397] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6397] munmap(0x7f6d360cf000, 32768) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6397] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6397] ioctl(5, LOOP_CLR_FD) = 0 [pid 6397] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6397] close(5) = 0 [pid 6397] close(4) = 0 [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6396] <... futex resumed>) = 0 [pid 6397] <... openat resumed>) = 4 [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... futex resumed>) = 1 [pid 6397] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 [pid 6397] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... mmap resumed>) = 0x20000000 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6397] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6396] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 [pid 6396] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6396] <... futex resumed>) = 0 [pid 6397] <... openat resumed>) = 6 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6396] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6397] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6398 attached [pid 6398] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6396] <... clone3 resumed> => {parent_tid=[6398]}, 88) = 6398 [pid 6398] set_robust_list(0x7f6d360d69a0, 24 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], [pid 6398] <... set_robust_list resumed>) = 0 [pid 6396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6398] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6396] <... futex resumed>) = 0 [pid 6398] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6396] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6398] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6396] exit_group(0) = ? [pid 6397] <... futex resumed>) = ? [pid 6398] <... futex resumed>) = ? [pid 6397] +++ exited with 0 +++ [pid 6398] +++ exited with 0 +++ [pid 6396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6396, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./450", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 139.430489][ T6397] loop0: detected capacity change from 0 to 64 umount2("./450/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./450/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./450/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./450/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/bus") = 0 umount2("./450/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./450/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6399 attached , child_tidptr=0x5555564f6750) = 6399 [pid 6399] set_robust_list(0x5555564f6760, 24) = 0 [pid 6399] chdir("./451") = 0 [pid 6399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6399] setpgid(0, 0) = 0 [pid 6399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6399] write(3, "1000", 4) = 4 [pid 6399] close(3) = 0 [pid 6399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6399] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6400 attached [pid 6400] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6400] set_robust_list(0x7f6d468e79a0, 24 [pid 6399] <... clone3 resumed> => {parent_tid=[6400]}, 88) = 6400 [pid 6400] <... set_robust_list resumed>) = 0 [pid 6399] rt_sigprocmask(SIG_SETMASK, [], [pid 6400] rt_sigprocmask(SIG_SETMASK, [], [pid 6399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6400] memfd_create("syzkaller", 0 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6400] <... memfd_create resumed>) = 3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6400] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6400] close(3) = 0 [pid 6400] mkdir("./bus", 0777) = 0 [pid 6400] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6400] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./bus") = 0 [pid 6400] ioctl(4, LOOP_CLR_FD) = 0 [pid 6400] close(4) = 0 [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6399] <... futex resumed>) = 0 [pid 6400] memfd_create("syzkaller", 0) = 4 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6400] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6400] munmap(0x7f6d360cf000, 32768) = 0 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6400] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6400] ioctl(5, LOOP_CLR_FD) = 0 [pid 6400] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6400] close(5) = 0 [pid 6400] close(4) = 0 [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6400] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6400] <... futex resumed>) = 0 [pid 6400] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 1 [pid 6400] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 1 [pid 6400] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6400] <... futex resumed>) = 1 [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = 1 [pid 6400] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6399] <... futex resumed>) = 0 [pid 6400] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6399] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6400] <... openat resumed>) = 6 [pid 6399] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6400] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6400] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] <... mprotect resumed>) = 0 [pid 6399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6401 attached [pid 6401] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6399] <... clone3 resumed> => {parent_tid=[6401]}, 88) = 6401 [pid 6401] <... rseq resumed>) = 0 [pid 6399] rt_sigprocmask(SIG_SETMASK, [], [pid 6401] set_robust_list(0x7f6d360d69a0, 24 [pid 6399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6401] <... set_robust_list resumed>) = 0 [pid 6399] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6399] <... futex resumed>) = 0 [pid 6401] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6399] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6401] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6401] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6401] <... futex resumed>) = 1 [pid 6399] exit_group(0 [pid 6401] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] <... exit_group resumed>) = ? [pid 6401] <... futex resumed>) = ? [pid 6400] <... futex resumed>) = ? [pid 6401] +++ exited with 0 +++ [ 139.536543][ T6400] loop0: detected capacity change from 0 to 64 [pid 6400] +++ exited with 0 +++ [pid 6399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6399, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./451", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./451/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./451/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./451/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./451/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/bus") = 0 umount2("./451/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./451/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6402 attached , child_tidptr=0x5555564f6750) = 6402 [pid 6402] set_robust_list(0x5555564f6760, 24) = 0 [pid 6402] chdir("./452") = 0 [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6402] setpgid(0, 0) = 0 [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6402] write(3, "1000", 4) = 4 [pid 6402] close(3) = 0 [pid 6402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6402] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6403]}, 88) = 6403 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6403 attached [pid 6403] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6403] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6403] memfd_create("syzkaller", 0) = 3 [pid 6403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6403] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6403] close(3) = 0 [pid 6403] mkdir("./bus", 0777) = 0 [pid 6403] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6403] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6403] chdir("./bus") = 0 [pid 6403] ioctl(4, LOOP_CLR_FD) = 0 [pid 6403] close(4) = 0 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = 0 [pid 6402] <... futex resumed>) = 1 [pid 6403] memfd_create("syzkaller", 0) = 4 [pid 6403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6403] <... mmap resumed>) = 0x7f6d360cf000 [pid 6403] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6403] munmap(0x7f6d360cf000, 32768) = 0 [pid 6403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6403] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6403] ioctl(5, LOOP_CLR_FD) = 0 [pid 6403] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6403] close(5) = 0 [pid 6403] close(4) = 0 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 139.663186][ T6403] loop0: detected capacity change from 0 to 64 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6403] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = 1 [pid 6403] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6402] <... futex resumed>) = 0 [pid 6403] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6402] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... openat resumed>) = 6 [pid 6402] <... futex resumed>) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6402] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6404 attached [pid 6404] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6402] <... clone3 resumed> => {parent_tid=[6404]}, 88) = 6404 [pid 6404] <... rseq resumed>) = 0 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], [pid 6404] set_robust_list(0x7f6d360d69a0, 24 [pid 6402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6404] <... set_robust_list resumed>) = 0 [pid 6402] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6402] <... futex resumed>) = 0 [pid 6404] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6402] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6404] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6404] <... futex resumed>) = 1 [pid 6402] exit_group(0 [pid 6404] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6403] <... futex resumed>) = ? [pid 6404] +++ exited with 0 +++ [pid 6403] +++ exited with 0 +++ [pid 6402] <... exit_group resumed>) = ? [pid 6402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6402, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./452", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./452/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./452/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./452/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./452/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/bus") = 0 umount2("./452/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./452/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6405 attached , child_tidptr=0x5555564f6750) = 6405 [pid 6405] set_robust_list(0x5555564f6760, 24) = 0 [pid 6405] chdir("./453") = 0 [pid 6405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6405] setpgid(0, 0) = 0 [pid 6405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6405] write(3, "1000", 4) = 4 [pid 6405] close(3) = 0 [pid 6405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6405] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6406 attached => {parent_tid=[6406]}, 88) = 6406 [pid 6406] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], [pid 6406] set_robust_list(0x7f6d468e79a0, 24 [pid 6405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6406] <... set_robust_list resumed>) = 0 [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] rt_sigprocmask(SIG_SETMASK, [], [pid 6405] <... futex resumed>) = 0 [pid 6406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6406] memfd_create("syzkaller", 0) = 3 [pid 6406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6406] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6406] close(3) = 0 [pid 6406] mkdir("./bus", 0777) = 0 [pid 6406] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6406] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6406] chdir("./bus") = 0 [pid 6406] ioctl(4, LOOP_CLR_FD) = 0 [pid 6406] close(4) = 0 [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6406] <... futex resumed>) = 1 [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] memfd_create("syzkaller", 0 [pid 6405] <... futex resumed>) = 0 [pid 6406] <... memfd_create resumed>) = 4 [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6406] munmap(0x7f6d360cf000, 32768) = 0 [pid 6406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6406] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6406] ioctl(5, LOOP_CLR_FD) = 0 [pid 6406] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6406] close(5) = 0 [pid 6406] close(4) = 0 [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6406] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] <... openat resumed>) = 4 [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6406] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6406] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6406] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6406] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6405] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6405] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [ 139.794711][ T6406] loop0: detected capacity change from 0 to 64 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6406] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6405] <... mmap resumed>) = 0x7f6d360b6000 [pid 6405] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] <... openat resumed>) = 6 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6406] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6407 attached ) = 0 [pid 6406] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... clone3 resumed> => {parent_tid=[6407]}, 88) = 6407 [pid 6407] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6405] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... rseq resumed>) = 0 [pid 6407] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6407] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6407] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6407] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] exit_group(0 [pid 6406] <... futex resumed>) = ? [pid 6407] <... futex resumed>) = ? [pid 6405] <... exit_group resumed>) = ? [pid 6406] +++ exited with 0 +++ [pid 6407] +++ exited with 0 +++ [pid 6405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6405, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./453", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./453/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./453/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./453/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./453/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/bus") = 0 umount2("./453/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./453/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6408 attached , child_tidptr=0x5555564f6750) = 6408 [pid 6408] set_robust_list(0x5555564f6760, 24) = 0 [pid 6408] chdir("./454") = 0 [pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6408] setpgid(0, 0) = 0 [pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6408] write(3, "1000", 4) = 4 [pid 6408] close(3) = 0 [pid 6408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6408] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6409 attached [pid 6409] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6409] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6409] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] <... clone3 resumed> => {parent_tid=[6409]}, 88) = 6409 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] memfd_create("syzkaller", 0) = 3 [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6409] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6409] close(3) = 0 [pid 6409] mkdir("./bus", 0777) = 0 [pid 6409] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6409] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6409] chdir("./bus") = 0 [pid 6409] ioctl(4, LOOP_CLR_FD) = 0 [pid 6409] close(4) = 0 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] memfd_create("syzkaller", 0 [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] <... memfd_create resumed>) = 4 [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6409] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6409] munmap(0x7f6d360cf000, 32768) = 0 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6409] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6409] ioctl(5, LOOP_CLR_FD) = 0 [pid 6409] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6409] close(5) = 0 [pid 6409] close(4) = 0 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 1 [pid 6409] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... openat resumed>) = 4 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] <... futex resumed>) = 1 [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [ 139.942077][ T6409] loop0: detected capacity change from 0 to 64 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 1 [pid 6409] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 1 [pid 6409] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6408] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6408] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6408] <... futex resumed>) = 0 [pid 6409] <... openat resumed>) = 6 [pid 6408] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6409] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... mmap resumed>) = 0x7f6d360b6000 [pid 6409] <... futex resumed>) = 0 [pid 6408] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6409] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] <... mprotect resumed>) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6410 attached [pid 6410] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6408] <... clone3 resumed> => {parent_tid=[6410]}, 88) = 6410 [pid 6410] <... rseq resumed>) = 0 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], [pid 6410] set_robust_list(0x7f6d360d69a0, 24 [pid 6408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6410] <... set_robust_list resumed>) = 0 [pid 6408] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] rt_sigprocmask(SIG_SETMASK, [], [pid 6408] <... futex resumed>) = 0 [pid 6410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6410] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6408] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6410] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6410] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] exit_group(0 [pid 6410] <... futex resumed>) = ? [pid 6410] +++ exited with 0 +++ [pid 6408] <... exit_group resumed>) = ? [pid 6409] <... futex resumed>) = ? [pid 6409] +++ exited with 0 +++ [pid 6408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6408, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./454", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./454/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./454/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./454/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./454/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/bus") = 0 umount2("./454/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./454/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6411 attached , child_tidptr=0x5555564f6750) = 6411 [pid 6411] set_robust_list(0x5555564f6760, 24) = 0 [pid 6411] chdir("./455") = 0 [pid 6411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6411] setpgid(0, 0) = 0 [pid 6411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6411] write(3, "1000", 4) = 4 [pid 6411] close(3) = 0 [pid 6411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6411] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6412 attached => {parent_tid=[6412]}, 88) = 6412 [pid 6412] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6411] rt_sigprocmask(SIG_SETMASK, [], [pid 6412] <... rseq resumed>) = 0 [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6412] set_robust_list(0x7f6d468e79a0, 24 [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... set_robust_list resumed>) = 0 [pid 6411] <... futex resumed>) = 0 [pid 6412] rt_sigprocmask(SIG_SETMASK, [], [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6412] memfd_create("syzkaller", 0) = 3 [pid 6412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6412] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6412] close(3) = 0 [pid 6412] mkdir("./bus", 0777) = 0 [pid 6412] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6412] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6412] chdir("./bus") = 0 [pid 6412] ioctl(4, LOOP_CLR_FD) = 0 [pid 6412] close(4) = 0 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = 0 [pid 6412] memfd_create("syzkaller", 0 [pid 6411] <... futex resumed>) = 1 [pid 6412] <... memfd_create resumed>) = 4 [pid 6412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6412] <... mmap resumed>) = 0x7f6d360cf000 [pid 6412] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6412] munmap(0x7f6d360cf000, 32768) = 0 [pid 6412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6412] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6412] ioctl(5, LOOP_CLR_FD) = 0 [pid 6412] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6412] close(5) = 0 [pid 6412] close(4) = 0 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = 0 [pid 6411] <... futex resumed>) = 1 [pid 6412] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... openat resumed>) = 4 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] <... futex resumed>) = 0 [pid 6412] <... futex resumed>) = 1 [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... write resumed>) = 12288 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6412] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6412] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... mmap resumed>) = 0x20000000 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6412] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6412] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6411] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] <... futex resumed>) = 0 [pid 6412] <... futex resumed>) = 1 [pid 6411] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6411] <... futex resumed>) = 0 [pid 6412] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6411] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] <... openat resumed>) = 6 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6412] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6412] <... futex resumed>) = 0 [pid 6411] <... mprotect resumed>) = 0 [pid 6412] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6413 attached [pid 6413] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6413] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6411] <... clone3 resumed> => {parent_tid=[6413]}, 88) = 6413 [pid 6413] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6411] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... futex resumed>) = 0 [pid 6411] <... futex resumed>) = 1 [pid 6411] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6413] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6413] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6413] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] exit_group(0 [pid 6412] <... futex resumed>) = ? [pid 6413] <... futex resumed>) = ? [pid 6412] +++ exited with 0 +++ [pid 6413] +++ exited with 0 +++ [pid 6411] <... exit_group resumed>) = ? [pid 6411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6411, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 140.063476][ T6412] loop0: detected capacity change from 0 to 64 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./455", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./455/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./455/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./455/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./455/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/bus") = 0 umount2("./455/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./455/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6414 ./strace-static-x86_64: Process 6414 attached [pid 6414] set_robust_list(0x5555564f6760, 24) = 0 [pid 6414] chdir("./456") = 0 [pid 6414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6414] setpgid(0, 0) = 0 [pid 6414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6414] write(3, "1000", 4) = 4 [pid 6414] close(3) = 0 [pid 6414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6414] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6415 attached => {parent_tid=[6415]}, 88) = 6415 [pid 6415] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] <... rseq resumed>) = 0 [pid 6415] set_robust_list(0x7f6d468e79a0, 24 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6415] <... set_robust_list resumed>) = 0 [pid 6415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6415] memfd_create("syzkaller", 0) = 3 [pid 6415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6415] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6415] close(3) = 0 [pid 6415] mkdir("./bus", 0777) = 0 [pid 6415] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6415] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6415] chdir("./bus") = 0 [pid 6415] ioctl(4, LOOP_CLR_FD) = 0 [pid 6415] close(4) = 0 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] memfd_create("syzkaller", 0 [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... memfd_create resumed>) = 4 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6415] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6415] munmap(0x7f6d360cf000, 32768) = 0 [pid 6415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6415] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6415] ioctl(5, LOOP_CLR_FD) = 0 [pid 6415] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6415] close(5) = 0 [pid 6415] close(4) = 0 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = 0 [pid 6414] <... futex resumed>) = 1 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... futex resumed>) = 1 [pid 6415] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... futex resumed>) = 1 [pid 6415] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] <... futex resumed>) = 1 [pid 6415] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6415] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 140.196581][ T6415] loop0: detected capacity change from 0 to 64 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6414] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6416 attached => {parent_tid=[6416]}, 88) = 6416 [pid 6414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6415] <... futex resumed>) = 1 [pid 6414] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6416] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6415] <... openat resumed>) = 6 [pid 6416] <... rseq resumed>) = 0 [pid 6416] set_robust_list(0x7f6d360d69a0, 24 [pid 6415] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] <... set_robust_list resumed>) = 0 [pid 6416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6416] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6416] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] exit_group(0 [pid 6415] <... futex resumed>) = ? [pid 6414] <... exit_group resumed>) = ? [pid 6416] <... futex resumed>) = ? [pid 6415] +++ exited with 0 +++ [pid 6416] +++ exited with 0 +++ [pid 6414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6414, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./456", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./456/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./456/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./456/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./456/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/bus") = 0 umount2("./456/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./456/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6417 attached , child_tidptr=0x5555564f6750) = 6417 [pid 6417] set_robust_list(0x5555564f6760, 24) = 0 [pid 6417] chdir("./457") = 0 [pid 6417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6417] setpgid(0, 0) = 0 [pid 6417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6417] write(3, "1000", 4) = 4 [pid 6417] close(3) = 0 [pid 6417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6417] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6418 attached [pid 6418] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6417] <... clone3 resumed> => {parent_tid=[6418]}, 88) = 6418 [pid 6418] <... rseq resumed>) = 0 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] set_robust_list(0x7f6d468e79a0, 24 [pid 6417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] <... set_robust_list resumed>) = 0 [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6417] <... futex resumed>) = 0 [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6418] memfd_create("syzkaller", 0) = 3 [pid 6418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6418] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6418] close(3) = 0 [pid 6418] mkdir("./bus", 0777) = 0 [pid 6418] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6418] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6418] chdir("./bus") = 0 [pid 6418] ioctl(4, LOOP_CLR_FD) = 0 [pid 6418] close(4) = 0 [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6418] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = 0 [pid 6417] <... futex resumed>) = 1 [pid 6418] memfd_create("syzkaller", 0 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6418] <... memfd_create resumed>) = 4 [pid 6418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6418] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6418] munmap(0x7f6d360cf000, 32768) = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6418] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6418] ioctl(5, LOOP_CLR_FD) = 0 [pid 6418] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6418] close(5) = 0 [pid 6418] close(4) = 0 [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... openat resumed>) = 4 [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6418] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... write resumed>) = 12288 [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6418] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... mmap resumed>) = 0x20000000 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6418] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6418] <... futex resumed>) = 1 [pid 6417] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6417] <... futex resumed>) = 0 [pid 6418] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 140.340250][ T6418] loop0: detected capacity change from 0 to 64 [pid 6417] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... openat resumed>) = 6 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6418] <... futex resumed>) = 0 [pid 6418] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] <... mmap resumed>) = 0x7f6d360b6000 [pid 6417] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6419]}, 88) = 6419 ./strace-static-x86_64: Process 6419 attached [pid 6417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6417] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6419] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6419] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6419] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6419] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6417] exit_group(0 [pid 6419] ???() = ? [pid 6419] +++ exited with 0 +++ [pid 6418] <... futex resumed>) = ? [pid 6417] <... exit_group resumed>) = ? [pid 6418] +++ exited with 0 +++ [pid 6417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6417, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./457/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./457/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./457/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./457/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/bus") = 0 umount2("./457/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./457/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6420 attached , child_tidptr=0x5555564f6750) = 6420 [pid 6420] set_robust_list(0x5555564f6760, 24) = 0 [pid 6420] chdir("./458") = 0 [pid 6420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6420] setpgid(0, 0) = 0 [pid 6420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6420] write(3, "1000", 4) = 4 [pid 6420] close(3) = 0 [pid 6420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6420] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6421 attached => {parent_tid=[6421]}, 88) = 6421 [pid 6421] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6420] rt_sigprocmask(SIG_SETMASK, [], [pid 6421] set_robust_list(0x7f6d468e79a0, 24 [pid 6420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] <... set_robust_list resumed>) = 0 [pid 6420] <... futex resumed>) = 0 [pid 6421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6421] memfd_create("syzkaller", 0 [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6421] <... memfd_create resumed>) = 3 [pid 6421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6421] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6421] close(3) = 0 [pid 6421] mkdir("./bus", 0777) = 0 [pid 6421] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6421] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6421] chdir("./bus") = 0 [pid 6421] ioctl(4, LOOP_CLR_FD) = 0 [pid 6421] close(4) = 0 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6421] memfd_create("syzkaller", 0 [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6421] <... memfd_create resumed>) = 4 [pid 6421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6421] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6421] munmap(0x7f6d360cf000, 32768) = 0 [pid 6421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6421] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6421] ioctl(5, LOOP_CLR_FD) = 0 [pid 6421] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6421] close(5) = 0 [pid 6421] close(4) = 0 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6421] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6420] <... futex resumed>) = 0 [pid 6421] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] <... openat resumed>) = 4 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6421] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] <... write resumed>) = 12288 [ 140.478482][ T6421] loop0: detected capacity change from 0 to 64 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] <... futex resumed>) = 0 [pid 6421] <... futex resumed>) = 1 [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6420] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6420] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6420] <... futex resumed>) = 0 [pid 6420] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6421] <... openat resumed>) = 6 [pid 6420] <... mmap resumed>) = 0x7f6d360b6000 [pid 6421] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6421] <... futex resumed>) = 0 [pid 6421] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] <... mprotect resumed>) = 0 [pid 6420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6422 attached [pid 6422] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6420] <... clone3 resumed> => {parent_tid=[6422]}, 88) = 6422 [pid 6422] <... rseq resumed>) = 0 [pid 6420] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] set_robust_list(0x7f6d360d69a0, 24 [pid 6420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] <... set_robust_list resumed>) = 0 [pid 6420] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6420] <... futex resumed>) = 0 [pid 6422] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6420] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6422] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6422] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] exit_group(0 [pid 6422] <... futex resumed>) = ? [pid 6422] +++ exited with 0 +++ [pid 6420] <... exit_group resumed>) = ? [pid 6421] <... futex resumed>) = ? [pid 6421] +++ exited with 0 +++ [pid 6420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6420, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./458", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./458/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./458/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./458/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./458/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/bus") = 0 umount2("./458/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./458/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6423 attached , child_tidptr=0x5555564f6750) = 6423 [pid 6423] set_robust_list(0x5555564f6760, 24) = 0 [pid 6423] chdir("./459") = 0 [pid 6423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6423] setpgid(0, 0) = 0 [pid 6423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6423] write(3, "1000", 4) = 4 [pid 6423] close(3) = 0 [pid 6423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6423] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6424]}, 88) = 6424 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6424 attached [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6424] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6424] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6424] memfd_create("syzkaller", 0) = 3 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6424] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6424] close(3) = 0 [pid 6424] mkdir("./bus", 0777) = 0 [pid 6424] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6424] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6424] chdir("./bus") = 0 [pid 6424] ioctl(4, LOOP_CLR_FD) = 0 [pid 6424] close(4) = 0 [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6424] memfd_create("syzkaller", 0 [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6424] <... memfd_create resumed>) = 4 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6424] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6424] munmap(0x7f6d360cf000, 32768) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6424] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6424] ioctl(5, LOOP_CLR_FD) = 0 [pid 6424] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6424] close(5) = 0 [pid 6424] close(4) = 0 [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6424] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] <... futex resumed>) = 0 [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... futex resumed>) = 0 [pid 6423] <... futex resumed>) = 1 [pid 6424] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6423] <... futex resumed>) = 0 [pid 6424] <... write resumed>) = 12288 [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6423] <... futex resumed>) = 0 [pid 6424] <... openat resumed>) = 5 [pid 6423] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6423] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6423] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6425 attached [pid 6424] <... futex resumed>) = 1 [pid 6424] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6425] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6425] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6424] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6423] <... clone3 resumed> => {parent_tid=[6425]}, 88) = 6425 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], [pid 6424] <... openat resumed>) = 6 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6424] <... futex resumed>) = 0 [pid 6423] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6424] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6425] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6425] <... futex resumed>) = 1 [pid 6425] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] exit_group(0) = ? [pid 6425] <... futex resumed>) = ? [ 140.628092][ T6424] loop0: detected capacity change from 0 to 64 [pid 6425] +++ exited with 0 +++ [pid 6424] <... futex resumed>) = ? [pid 6424] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6423, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./459", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./459/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./459/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./459/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./459/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/bus") = 0 umount2("./459/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./459/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6426 ./strace-static-x86_64: Process 6426 attached [pid 6426] set_robust_list(0x5555564f6760, 24) = 0 [pid 6426] chdir("./460") = 0 [pid 6426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6426] setpgid(0, 0) = 0 [pid 6426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6426] write(3, "1000", 4) = 4 [pid 6426] close(3) = 0 [pid 6426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6426] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6427 attached => {parent_tid=[6427]}, 88) = 6427 [pid 6427] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6426] rt_sigprocmask(SIG_SETMASK, [], [pid 6427] <... rseq resumed>) = 0 [pid 6427] set_robust_list(0x7f6d468e79a0, 24 [pid 6426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6427] <... set_robust_list resumed>) = 0 [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] rt_sigprocmask(SIG_SETMASK, [], [pid 6426] <... futex resumed>) = 0 [pid 6427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6427] memfd_create("syzkaller", 0) = 3 [pid 6427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6427] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6427] close(3) = 0 [pid 6427] mkdir("./bus", 0777) = 0 [pid 6427] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6427] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6427] chdir("./bus") = 0 [pid 6427] ioctl(4, LOOP_CLR_FD) = 0 [pid 6427] close(4) = 0 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6427] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6427] memfd_create("syzkaller", 0) = 4 [pid 6427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6427] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6427] munmap(0x7f6d360cf000, 32768) = 0 [pid 6427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6427] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6427] ioctl(5, LOOP_CLR_FD) = 0 [pid 6427] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6427] close(5) = 0 [pid 6427] close(4) = 0 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... futex resumed>) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6427] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... openat resumed>) = 4 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] <... futex resumed>) = 1 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 140.753657][ T6427] loop0: detected capacity change from 0 to 64 [pid 6427] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6427] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] <... futex resumed>) = 0 [pid 6427] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... mmap resumed>) = 0x20000000 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6427] <... futex resumed>) = 1 [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6427] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] <... futex resumed>) = 0 [pid 6427] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6426] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6426] <... futex resumed>) = 0 [pid 6427] <... openat resumed>) = 6 [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6426] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6427] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6427] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6428 attached [pid 6428] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6426] <... clone3 resumed> => {parent_tid=[6428]}, 88) = 6428 [pid 6428] <... rseq resumed>) = 0 [pid 6428] set_robust_list(0x7f6d360d69a0, 24 [pid 6426] rt_sigprocmask(SIG_SETMASK, [], [pid 6428] <... set_robust_list resumed>) = 0 [pid 6426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], [pid 6426] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6426] <... futex resumed>) = 0 [pid 6428] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6426] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6428] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6428] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6428] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] exit_group(0 [pid 6428] <... futex resumed>) = ? [pid 6427] <... futex resumed>) = ? [pid 6428] +++ exited with 0 +++ [pid 6427] +++ exited with 0 +++ [pid 6426] <... exit_group resumed>) = ? [pid 6426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6426, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./460", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./460/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./460/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./460/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./460/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/bus") = 0 umount2("./460/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./460/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6429 ./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x5555564f6760, 24) = 0 [pid 6429] chdir("./461") = 0 [pid 6429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6429] setpgid(0, 0) = 0 [pid 6429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6429] write(3, "1000", 4) = 4 [pid 6429] close(3) = 0 [pid 6429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6429] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6430 attached => {parent_tid=[6430]}, 88) = 6430 [pid 6430] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6430] <... rseq resumed>) = 0 [pid 6430] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6430] memfd_create("syzkaller", 0) = 3 [pid 6430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6430] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6430] close(3) = 0 [pid 6430] mkdir("./bus", 0777) = 0 [pid 6430] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6430] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6430] chdir("./bus") = 0 [pid 6430] ioctl(4, LOOP_CLR_FD) = 0 [pid 6430] close(4) = 0 [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6430] <... futex resumed>) = 1 [pid 6430] memfd_create("syzkaller", 0) = 4 [pid 6430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6430] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6430] munmap(0x7f6d360cf000, 32768) = 0 [pid 6430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6430] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6430] ioctl(5, LOOP_CLR_FD) = 0 [pid 6430] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6430] close(5) = 0 [pid 6430] close(4) = 0 [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6430] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = 0 [pid 6429] <... futex resumed>) = 1 [pid 6430] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... openat resumed>) = 4 [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6430] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6430] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... futex resumed>) = 0 [pid 6429] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = 0 [pid 6429] <... futex resumed>) = 1 [pid 6430] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6429] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6429] <... futex resumed>) = 0 [pid 6430] <... openat resumed>) = 6 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6429] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6430] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... mprotect resumed>) = 0 [pid 6430] <... futex resumed>) = 0 [pid 6429] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6430] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6431 attached [pid 6431] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6431] set_robust_list(0x7f6d360d69a0, 24 [pid 6429] <... clone3 resumed> => {parent_tid=[6431]}, 88) = 6431 [pid 6431] <... set_robust_list resumed>) = 0 [pid 6431] rt_sigprocmask(SIG_SETMASK, [], [pid 6429] rt_sigprocmask(SIG_SETMASK, [], [pid 6431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6431] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6429] <... futex resumed>) = 0 [pid 6431] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6429] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6431] <... futex resumed>) = 0 [ 140.901675][ T6430] loop0: detected capacity change from 0 to 64 [pid 6429] exit_group(0 [pid 6431] exit_group(0 [pid 6430] <... futex resumed>) = ? [pid 6429] <... exit_group resumed>) = ? [pid 6431] +++ exited with 0 +++ [pid 6430] +++ exited with 0 +++ [pid 6429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6429, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./461", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./461/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./461/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./461/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./461/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/bus") = 0 umount2("./461/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./461/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6432 attached , child_tidptr=0x5555564f6750) = 6432 [pid 6432] set_robust_list(0x5555564f6760, 24) = 0 [pid 6432] chdir("./462") = 0 [pid 6432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6432] setpgid(0, 0) = 0 [pid 6432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6432] write(3, "1000", 4) = 4 [pid 6432] close(3) = 0 [pid 6432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6432] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6433 attached [pid 6433] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6433] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6433] rt_sigprocmask(SIG_SETMASK, [], [pid 6432] <... clone3 resumed> => {parent_tid=[6433]}, 88) = 6433 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], [pid 6433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6433] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 0 [pid 6432] <... futex resumed>) = 1 [pid 6433] memfd_create("syzkaller", 0 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6433] <... memfd_create resumed>) = 3 [pid 6433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6433] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6433] close(3) = 0 [pid 6433] mkdir("./bus", 0777) = 0 [pid 6433] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6433] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6433] chdir("./bus") = 0 [pid 6433] ioctl(4, LOOP_CLR_FD) = 0 [pid 6433] close(4) = 0 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6433] <... futex resumed>) = 1 [pid 6433] memfd_create("syzkaller", 0) = 4 [pid 6433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6433] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6433] munmap(0x7f6d360cf000, 32768) = 0 [pid 6433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6433] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6433] ioctl(5, LOOP_CLR_FD) = 0 [pid 6433] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6433] close(5) = 0 [pid 6433] close(4) = 0 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6433] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 0 [pid 6432] <... futex resumed>) = 1 [pid 6433] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] <... openat resumed>) = 4 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] <... futex resumed>) = 1 [pid 6433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6433] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = 0 [pid 6432] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6433] <... futex resumed>) = 1 [pid 6432] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6432] <... mprotect resumed>) = 0 [pid 6433] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6434 attached [pid 6434] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6434] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6432] <... clone3 resumed> => {parent_tid=[6434]}, 88) = 6434 [pid 6434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6433] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], [pid 6433] <... futex resumed>) = 0 [pid 6432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6434] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6433] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6432] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6432] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6434] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6434] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = 0 [pid 6434] <... futex resumed>) = 1 [pid 6434] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 141.023111][ T6433] loop0: detected capacity change from 0 to 64 [pid 6432] exit_group(0 [pid 6434] <... futex resumed>) = ? [pid 6433] <... futex resumed>) = ? [pid 6432] <... exit_group resumed>) = ? [pid 6434] +++ exited with 0 +++ [pid 6433] +++ exited with 0 +++ [pid 6432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6432, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./462", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./462/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./462/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./462/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./462/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/bus") = 0 umount2("./462/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./462/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6435 attached , child_tidptr=0x5555564f6750) = 6435 [pid 6435] set_robust_list(0x5555564f6760, 24) = 0 [pid 6435] chdir("./463") = 0 [pid 6435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6435] setpgid(0, 0) = 0 [pid 6435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6435] write(3, "1000", 4) = 4 [pid 6435] close(3) = 0 [pid 6435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6435] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6436 attached [pid 6436] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6436] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6436] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] <... clone3 resumed> => {parent_tid=[6436]}, 88) = 6436 [pid 6435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6435] <... futex resumed>) = 1 [pid 6436] memfd_create("syzkaller", 0 [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6436] <... memfd_create resumed>) = 3 [pid 6436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6436] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6436] close(3) = 0 [pid 6436] mkdir("./bus", 0777) = 0 [pid 6436] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6436] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6436] chdir("./bus") = 0 [pid 6436] ioctl(4, LOOP_CLR_FD) = 0 [pid 6436] close(4) = 0 [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6436] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6436] memfd_create("syzkaller", 0 [pid 6435] <... futex resumed>) = 0 [pid 6436] <... memfd_create resumed>) = 4 [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6436] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6436] munmap(0x7f6d360cf000, 32768) = 0 [pid 6436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6436] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6436] ioctl(5, LOOP_CLR_FD) = 0 [pid 6436] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6436] close(5) = 0 [pid 6436] close(4) = 0 [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6436] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... openat resumed>) = 4 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] <... futex resumed>) = 1 [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] <... futex resumed>) = 1 [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] <... futex resumed>) = 1 [pid 6436] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6435] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6436] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6436] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6435] <... mmap resumed>) = 0x7f6d360b6000 [pid 6436] <... openat resumed>) = 6 [pid 6435] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6436] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6437 attached [pid 6436] <... futex resumed>) = 0 [pid 6437] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6436] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] set_robust_list(0x7f6d360d69a0, 24 [pid 6435] <... clone3 resumed> => {parent_tid=[6437]}, 88) = 6437 [pid 6437] <... set_robust_list resumed>) = 0 [pid 6435] rt_sigprocmask(SIG_SETMASK, [], [pid 6437] rt_sigprocmask(SIG_SETMASK, [], [pid 6435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6435] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6437] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6437] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6437] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 141.143218][ T6436] loop0: detected capacity change from 0 to 64 [pid 6435] exit_group(0 [pid 6437] <... futex resumed>) = ? [pid 6436] <... futex resumed>) = ? [pid 6435] <... exit_group resumed>) = ? [pid 6437] +++ exited with 0 +++ [pid 6436] +++ exited with 0 +++ [pid 6435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6435, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./463", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./463/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./463/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./463/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./463/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/bus") = 0 umount2("./463/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./463/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6438 attached , child_tidptr=0x5555564f6750) = 6438 [pid 6438] set_robust_list(0x5555564f6760, 24) = 0 [pid 6438] chdir("./464") = 0 [pid 6438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6438] setpgid(0, 0) = 0 [pid 6438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6438] write(3, "1000", 4) = 4 [pid 6438] close(3) = 0 [pid 6438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6438] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6439 attached => {parent_tid=[6439]}, 88) = 6439 [pid 6439] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6439] set_robust_list(0x7f6d468e79a0, 24 [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6439] <... set_robust_list resumed>) = 0 [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], [pid 6438] <... futex resumed>) = 0 [pid 6439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] memfd_create("syzkaller", 0) = 3 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6439] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6439] close(3) = 0 [pid 6439] mkdir("./bus", 0777) = 0 [pid 6439] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6439] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6439] chdir("./bus") = 0 [pid 6439] ioctl(4, LOOP_CLR_FD) = 0 [pid 6439] close(4) = 0 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] <... futex resumed>) = 0 [pid 6439] memfd_create("syzkaller", 0 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] <... memfd_create resumed>) = 4 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6439] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6439] munmap(0x7f6d360cf000, 32768) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6439] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6439] ioctl(5, LOOP_CLR_FD) = 0 [pid 6439] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6439] close(5) = 0 [pid 6439] close(4) = 0 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] <... futex resumed>) = 0 [pid 6439] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... openat resumed>) = 4 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] <... futex resumed>) = 0 [pid 6439] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... write resumed>) = 12288 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] <... futex resumed>) = 0 [ 141.256663][ T6439] loop0: detected capacity change from 0 to 64 [pid 6439] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... mmap resumed>) = 0x20000000 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6439] <... futex resumed>) = 0 [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6438] <... futex resumed>) = 0 [pid 6439] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6438] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... openat resumed>) = 5 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6439] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6438] <... futex resumed>) = 0 [pid 6439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6438] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6438] <... futex resumed>) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6439] <... openat resumed>) = 6 [pid 6438] <... mmap resumed>) = 0x7f6d360b6000 [pid 6439] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6440 attached [pid 6440] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6438] <... clone3 resumed> => {parent_tid=[6440]}, 88) = 6440 [pid 6440] <... rseq resumed>) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6440] set_robust_list(0x7f6d360d69a0, 24 [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6440] <... set_robust_list resumed>) = 0 [pid 6438] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], [pid 6438] <... futex resumed>) = 0 [pid 6440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6440] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6440] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] exit_group(0 [pid 6440] <... futex resumed>) = ? [pid 6439] <... futex resumed>) = ? [pid 6438] <... exit_group resumed>) = ? [pid 6440] +++ exited with 0 +++ [pid 6439] +++ exited with 0 +++ [pid 6438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6438, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./464/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./464/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./464/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/bus") = 0 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./464/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6441 attached , child_tidptr=0x5555564f6750) = 6441 [pid 6441] set_robust_list(0x5555564f6760, 24) = 0 [pid 6441] chdir("./465") = 0 [pid 6441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6441] setpgid(0, 0) = 0 [pid 6441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6441] write(3, "1000", 4) = 4 [pid 6441] close(3) = 0 [pid 6441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6441] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6442 attached [pid 6442] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6442] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], [pid 6441] <... clone3 resumed> => {parent_tid=[6442]}, 88) = 6442 [pid 6442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6441] rt_sigprocmask(SIG_SETMASK, [], [pid 6442] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6442] memfd_create("syzkaller", 0) = 3 [pid 6442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6442] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6442] close(3) = 0 [pid 6442] mkdir("./bus", 0777) = 0 [pid 6442] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6442] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6442] chdir("./bus") = 0 [pid 6442] ioctl(4, LOOP_CLR_FD) = 0 [pid 6442] close(4) = 0 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6442] memfd_create("syzkaller", 0) = 4 [pid 6442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6442] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6442] munmap(0x7f6d360cf000, 32768) = 0 [pid 6442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6442] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6442] ioctl(5, LOOP_CLR_FD) = 0 [pid 6442] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6442] close(5) = 0 [pid 6442] close(4) = 0 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... openat resumed>) = 4 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... write resumed>) = 12288 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6442] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] <... futex resumed>) = 0 [pid 6442] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6441] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6442] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] <... futex resumed>) = 0 [pid 6442] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6441] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6441] <... futex resumed>) = 0 [pid 6442] <... openat resumed>) = 6 [pid 6441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6442] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] <... mmap resumed>) = 0x7f6d360b6000 [pid 6442] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6443 attached => {parent_tid=[6443]}, 88) = 6443 [pid 6443] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6443] set_robust_list(0x7f6d360d69a0, 24 [pid 6441] rt_sigprocmask(SIG_SETMASK, [], [pid 6443] <... set_robust_list resumed>) = 0 [pid 6441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6443] rt_sigprocmask(SIG_SETMASK, [], [pid 6441] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6443] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6443] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [ 141.412424][ T6442] loop0: detected capacity change from 0 to 64 [pid 6443] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] exit_group(0 [pid 6443] <... futex resumed>) = ? [pid 6442] <... futex resumed>) = ? [pid 6441] <... exit_group resumed>) = ? [pid 6443] +++ exited with 0 +++ [pid 6442] +++ exited with 0 +++ [pid 6441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6441, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./465/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./465/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./465/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/bus") = 0 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./465/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6444 attached , child_tidptr=0x5555564f6750) = 6444 [pid 6444] set_robust_list(0x5555564f6760, 24) = 0 [pid 6444] chdir("./466") = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6444] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6445 attached [pid 6445] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6444] <... clone3 resumed> => {parent_tid=[6445]}, 88) = 6445 [pid 6445] <... rseq resumed>) = 0 [pid 6445] set_robust_list(0x7f6d468e79a0, 24 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6445] <... set_robust_list resumed>) = 0 [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6445] rt_sigprocmask(SIG_SETMASK, [], [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6445] memfd_create("syzkaller", 0 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] <... memfd_create resumed>) = 3 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6445] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6445] close(3) = 0 [pid 6445] mkdir("./bus", 0777) = 0 [pid 6445] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6445] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] chdir("./bus") = 0 [pid 6445] ioctl(4, LOOP_CLR_FD) = 0 [pid 6445] close(4) = 0 [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6445] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6445] <... futex resumed>) = 0 [pid 6445] memfd_create("syzkaller", 0 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] <... memfd_create resumed>) = 4 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6445] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6445] munmap(0x7f6d360cf000, 32768) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6445] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] ioctl(5, LOOP_CLR_FD) = 0 [pid 6445] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6445] close(5) = 0 [pid 6445] close(4) = 0 [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... openat resumed>) = 4 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] <... futex resumed>) = 1 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] <... futex resumed>) = 1 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6445] <... futex resumed>) = 1 [ 141.532609][ T6445] loop0: detected capacity change from 0 to 64 [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6445] <... futex resumed>) = 1 [pid 6444] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6444] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6445] <... openat resumed>) = 6 [pid 6444] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6445] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] <... mprotect resumed>) = 0 [pid 6445] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6446 attached [pid 6446] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6446] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6446] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... clone3 resumed> => {parent_tid=[6446]}, 88) = 6446 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6444] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6444] <... futex resumed>) = 1 [pid 6446] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6444] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6446] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6446] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] exit_group(0) = ? [pid 6445] <... futex resumed>) = ? [pid 6446] <... futex resumed>) = ? [pid 6446] +++ exited with 0 +++ [pid 6445] +++ exited with 0 +++ [pid 6444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6444, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./466/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./466/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./466/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/bus") = 0 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./466/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6447 attached [pid 6447] set_robust_list(0x5555564f6760, 24) = 0 [pid 6447] chdir("./467") = 0 [pid 6447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6447] setpgid(0, 0) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6447 [pid 6447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6447] write(3, "1000", 4) = 4 [pid 6447] close(3) = 0 [pid 6447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6447] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6448 attached [pid 6448] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6448] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6448] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... clone3 resumed> => {parent_tid=[6448]}, 88) = 6448 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6447] <... futex resumed>) = 1 [pid 6448] memfd_create("syzkaller", 0 [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6448] <... memfd_create resumed>) = 3 [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6448] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6448] close(3) = 0 [pid 6448] mkdir("./bus", 0777) = 0 [pid 6448] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6448] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6448] chdir("./bus") = 0 [pid 6448] ioctl(4, LOOP_CLR_FD) = 0 [pid 6448] close(4) = 0 [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] memfd_create("syzkaller", 0 [pid 6447] <... futex resumed>) = 0 [pid 6448] <... memfd_create resumed>) = 4 [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6448] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6448] munmap(0x7f6d360cf000, 32768) = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6448] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6448] ioctl(5, LOOP_CLR_FD) = 0 [pid 6448] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6448] close(5) = 0 [pid 6448] close(4) = 0 [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6448] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6447] <... futex resumed>) = 0 [pid 6448] <... openat resumed>) = 4 [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... futex resumed>) = 1 [pid 6448] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6448] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6447] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6447] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6447] <... futex resumed>) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6448] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6447] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6448] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... mprotect resumed>) = 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6448] <... futex resumed>) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6448] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6449 attached [pid 6447] <... clone3 resumed> => {parent_tid=[6449]}, 88) = 6449 [pid 6449] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], [pid 6449] <... rseq resumed>) = 0 [pid 6447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] set_robust_list(0x7f6d360d69a0, 24 [pid 6447] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... set_robust_list resumed>) = 0 [pid 6447] <... futex resumed>) = 0 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], [pid 6447] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6449] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] <... futex resumed>) = 0 [pid 6449] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] exit_group(0 [pid 6449] <... futex resumed>) = ? [pid 6448] <... futex resumed>) = ? [pid 6449] +++ exited with 0 +++ [pid 6448] +++ exited with 0 +++ [pid 6447] <... exit_group resumed>) = ? [pid 6447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6447, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 141.670205][ T6448] loop0: detected capacity change from 0 to 64 umount2("./467/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./467/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./467/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./467/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/bus") = 0 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./467/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6450 attached , child_tidptr=0x5555564f6750) = 6450 [pid 6450] set_robust_list(0x5555564f6760, 24) = 0 [pid 6450] chdir("./468") = 0 [pid 6450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6450] setpgid(0, 0) = 0 [pid 6450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6450] write(3, "1000", 4) = 4 [pid 6450] close(3) = 0 [pid 6450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6450] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6451]}, 88) = 6451 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6451 attached [pid 6451] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6451] memfd_create("syzkaller", 0) = 3 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6451] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6451] close(3) = 0 [pid 6451] mkdir("./bus", 0777) = 0 [pid 6451] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6451] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6451] chdir("./bus") = 0 [pid 6451] ioctl(4, LOOP_CLR_FD) = 0 [pid 6451] close(4) = 0 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] <... futex resumed>) = 0 [pid 6451] memfd_create("syzkaller", 0 [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] <... memfd_create resumed>) = 4 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6451] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6451] munmap(0x7f6d360cf000, 32768) = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6451] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6451] ioctl(5, LOOP_CLR_FD) = 0 [pid 6451] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6451] close(5) = 0 [pid 6451] close(4) = 0 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... write resumed>) = 12288 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... futex resumed>) = 0 [pid 6451] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] <... futex resumed>) = 0 [pid 6451] <... futex resumed>) = 1 [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6451] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6450] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6450] <... futex resumed>) = 0 [pid 6451] <... openat resumed>) = 6 [pid 6450] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6451] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... mmap resumed>) = 0x7f6d360b6000 [pid 6450] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6452 attached => {parent_tid=[6452]}, 88) = 6452 [pid 6452] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], [pid 6452] <... rseq resumed>) = 0 [pid 6450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6452] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6450] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6452] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6452] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6452] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] exit_group(0 [pid 6452] <... futex resumed>) = ? [pid 6450] <... exit_group resumed>) = ? [pid 6452] +++ exited with 0 +++ [pid 6451] <... futex resumed>) = ? [ 141.789587][ T6451] loop0: detected capacity change from 0 to 64 [pid 6451] +++ exited with 0 +++ [pid 6450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6450, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./468/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./468/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./468/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/bus") = 0 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./468/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./468") = 0 mkdir("./469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6453 attached , child_tidptr=0x5555564f6750) = 6453 [pid 6453] set_robust_list(0x5555564f6760, 24) = 0 [pid 6453] chdir("./469") = 0 [pid 6453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6453] setpgid(0, 0) = 0 [pid 6453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6453] write(3, "1000", 4) = 4 [pid 6453] close(3) = 0 [pid 6453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6453] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6454 attached => {parent_tid=[6454]}, 88) = 6454 [pid 6454] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6454] <... rseq resumed>) = 0 [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6454] set_robust_list(0x7f6d468e79a0, 24 [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... set_robust_list resumed>) = 0 [pid 6454] rt_sigprocmask(SIG_SETMASK, [], [pid 6453] <... futex resumed>) = 0 [pid 6454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6454] memfd_create("syzkaller", 0) = 3 [pid 6454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6454] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6454] close(3) = 0 [pid 6454] mkdir("./bus", 0777) = 0 [pid 6454] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6454] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6454] chdir("./bus") = 0 [pid 6454] ioctl(4, LOOP_CLR_FD) = 0 [pid 6454] close(4) = 0 [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6454] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6454] memfd_create("syzkaller", 0 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6454] <... memfd_create resumed>) = 4 [pid 6454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6454] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6454] munmap(0x7f6d360cf000, 32768) = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6454] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6454] ioctl(5, LOOP_CLR_FD) = 0 [pid 6454] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6454] close(5) = 0 [pid 6454] close(4) = 0 [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6453] <... futex resumed>) = 0 [pid 6454] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... openat resumed>) = 4 [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... futex resumed>) = 0 [pid 6453] <... futex resumed>) = 1 [pid 6454] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... write resumed>) = 12288 [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6453] <... futex resumed>) = 0 [pid 6454] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... mmap resumed>) = 0x20000000 [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6453] <... futex resumed>) = 0 [pid 6454] <... openat resumed>) = 5 [pid 6453] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6454] <... futex resumed>) = 1 [pid 6454] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6453] <... mmap resumed>) = 0x7f6d360b6000 [pid 6454] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6453] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6454] <... openat resumed>) = 6 [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6455 attached [pid 6454] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6454] <... futex resumed>) = 0 [pid 6453] <... clone3 resumed> => {parent_tid=[6455]}, 88) = 6455 [pid 6455] <... rseq resumed>) = 0 [ 141.889299][ T6454] loop0: detected capacity change from 0 to 64 [pid 6454] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6455] set_robust_list(0x7f6d360d69a0, 24 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6455] <... set_robust_list resumed>) = 0 [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6455] rt_sigprocmask(SIG_SETMASK, [], [pid 6453] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6455] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6453] <... futex resumed>) = 0 [pid 6455] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6453] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6455] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] exit_group(0 [pid 6454] <... futex resumed>) = ? [pid 6453] <... exit_group resumed>) = ? [pid 6455] <... futex resumed>) = ? [pid 6454] +++ exited with 0 +++ [pid 6455] +++ exited with 0 +++ [pid 6453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6453, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./469/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./469/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./469/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/bus") = 0 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./469/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6456 attached [pid 6456] set_robust_list(0x5555564f6760, 24) = 0 [pid 6456] chdir("./470") = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6456 [pid 6456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6456] setpgid(0, 0) = 0 [pid 6456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6456] write(3, "1000", 4) = 4 [pid 6456] close(3) = 0 [pid 6456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6456] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6457]}, 88) = 6457 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6457 attached [pid 6457] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6457] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6457] memfd_create("syzkaller", 0) = 3 [pid 6457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6457] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6457] close(3) = 0 [pid 6457] mkdir("./bus", 0777) = 0 [pid 6457] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6457] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6457] chdir("./bus") = 0 [pid 6457] ioctl(4, LOOP_CLR_FD) = 0 [pid 6457] close(4) = 0 [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = 0 [pid 6457] memfd_create("syzkaller", 0) = 4 [pid 6457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6457] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6457] munmap(0x7f6d360cf000, 32768) = 0 [pid 6457] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6456] <... futex resumed>) = 1 [pid 6457] <... openat resumed>) = 5 [pid 6457] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6457] ioctl(5, LOOP_CLR_FD [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6457] <... ioctl resumed>) = 0 [pid 6457] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6457] close(5) = 0 [pid 6457] close(4) = 0 [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... futex resumed>) = 1 [pid 6457] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... futex resumed>) = 1 [pid 6457] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6456] <... futex resumed>) = 0 [pid 6457] <... mmap resumed>) = 0x20000000 [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6457] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6456] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6457] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6456] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6456] <... futex resumed>) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6457] <... openat resumed>) = 6 [pid 6456] <... mmap resumed>) = 0x7f6d360b6000 [pid 6456] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6457] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6457] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6458 attached => {parent_tid=[6458]}, 88) = 6458 [pid 6458] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], [pid 6458] <... rseq resumed>) = 0 [pid 6456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] set_robust_list(0x7f6d360d69a0, 24 [pid 6456] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... set_robust_list resumed>) = 0 [pid 6456] <... futex resumed>) = 0 [pid 6458] rt_sigprocmask(SIG_SETMASK, [], [pid 6456] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6458] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = 0 [pid 6458] <... futex resumed>) = 1 [pid 6456] exit_group(0 [pid 6458] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6458] +++ exited with 0 +++ [pid 6457] <... futex resumed>) = ? [pid 6456] <... exit_group resumed>) = ? [pid 6457] +++ exited with 0 +++ [pid 6456] +++ exited with 0 +++ [ 142.007860][ T6457] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6456, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./470/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./470/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./470/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/bus") = 0 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./470/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6459 attached , child_tidptr=0x5555564f6750) = 6459 [pid 6459] set_robust_list(0x5555564f6760, 24) = 0 [pid 6459] chdir("./471") = 0 [pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6459] setpgid(0, 0) = 0 [pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6459] write(3, "1000", 4) = 4 [pid 6459] close(3) = 0 [pid 6459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6459] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6460]}, 88) = 6460 ./strace-static-x86_64: Process 6460 attached [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] <... rseq resumed>) = 0 [pid 6460] set_robust_list(0x7f6d468e79a0, 24 [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... set_robust_list resumed>) = 0 [pid 6459] <... futex resumed>) = 0 [pid 6460] rt_sigprocmask(SIG_SETMASK, [], [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] memfd_create("syzkaller", 0) = 3 [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6460] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6460] close(3) = 0 [pid 6460] mkdir("./bus", 0777) = 0 [pid 6460] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6460] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6460] chdir("./bus") = 0 [pid 6460] ioctl(4, LOOP_CLR_FD) = 0 [pid 6460] close(4) = 0 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6460] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6459] <... futex resumed>) = 0 [pid 6460] memfd_create("syzkaller", 0) = 4 [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6460] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6460] munmap(0x7f6d360cf000, 32768) = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6460] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6460] ioctl(5, LOOP_CLR_FD) = 0 [pid 6460] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6460] close(5) = 0 [pid 6460] close(4) = 0 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... openat resumed>) = 4 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6460] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6459] <... futex resumed>) = 0 [pid 6460] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... write resumed>) = 12288 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... mmap resumed>) = 0x20000000 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6459] <... futex resumed>) = 0 [pid 6460] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6459] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... openat resumed>) = 5 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6459] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6459] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6460] <... openat resumed>) = 6 [pid 6459] <... mprotect resumed>) = 0 [pid 6460] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6460] <... futex resumed>) = 0 [pid 6459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6460] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6461 attached [pid 6461] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6459] <... clone3 resumed> => {parent_tid=[6461]}, 88) = 6461 [pid 6461] <... rseq resumed>) = 0 [pid 6461] set_robust_list(0x7f6d360d69a0, 24 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6461] <... set_robust_list resumed>) = 0 [pid 6461] rt_sigprocmask(SIG_SETMASK, [], [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6459] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6461] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 142.129812][ T6460] loop0: detected capacity change from 0 to 64 [pid 6461] <... futex resumed>) = 0 [pid 6459] exit_group(0 [pid 6461] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6460] <... futex resumed>) = ? [pid 6459] <... exit_group resumed>) = ? [pid 6461] +++ exited with 0 +++ [pid 6460] +++ exited with 0 +++ [pid 6459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6459, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./471/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./471/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./471/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/bus") = 0 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./471/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6462 attached , child_tidptr=0x5555564f6750) = 6462 [pid 6462] set_robust_list(0x5555564f6760, 24) = 0 [pid 6462] chdir("./472") = 0 [pid 6462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6462] setpgid(0, 0) = 0 [pid 6462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6462] write(3, "1000", 4) = 4 [pid 6462] close(3) = 0 [pid 6462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6462] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6463 attached [pid 6463] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6462] <... clone3 resumed> => {parent_tid=[6463]}, 88) = 6463 [pid 6463] <... rseq resumed>) = 0 [pid 6462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6463] set_robust_list(0x7f6d468e79a0, 24 [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... set_robust_list resumed>) = 0 [pid 6462] <... futex resumed>) = 0 [pid 6463] rt_sigprocmask(SIG_SETMASK, [], [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6463] memfd_create("syzkaller", 0) = 3 [pid 6463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6463] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6463] close(3) = 0 [pid 6463] mkdir("./bus", 0777) = 0 [pid 6463] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6463] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6463] chdir("./bus") = 0 [pid 6463] ioctl(4, LOOP_CLR_FD) = 0 [pid 6463] close(4) = 0 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = 0 [pid 6462] <... futex resumed>) = 1 [pid 6463] memfd_create("syzkaller", 0) = 4 [pid 6463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6463] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6463] munmap(0x7f6d360cf000, 32768) = 0 [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6463] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6463] ioctl(5, LOOP_CLR_FD) = 0 [pid 6463] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6463] close(5) = 0 [pid 6463] close(4) = 0 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6462] <... futex resumed>) = 0 [pid 6463] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... openat resumed>) = 4 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6462] <... futex resumed>) = 0 [pid 6463] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... write resumed>) = 12288 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6462] <... futex resumed>) = 0 [pid 6463] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... mmap resumed>) = 0x20000000 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... futex resumed>) = 1 [pid 6463] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6463] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6462] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6463] <... futex resumed>) = 1 [pid 6462] <... mprotect resumed>) = 0 [pid 6463] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6462] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6463] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6462] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6463] <... openat resumed>) = 6 [pid 6462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6464 attached => {parent_tid=[6464]}, 88) = 6464 [pid 6464] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6462] rt_sigprocmask(SIG_SETMASK, [], [pid 6464] <... rseq resumed>) = 0 [pid 6462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6464] set_robust_list(0x7f6d360d69a0, 24 [pid 6463] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] <... set_robust_list resumed>) = 0 [pid 6463] <... futex resumed>) = 0 [pid 6462] <... futex resumed>) = 0 [pid 6464] rt_sigprocmask(SIG_SETMASK, [], [pid 6463] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 142.272306][ T6463] loop0: detected capacity change from 0 to 64 [pid 6464] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6464] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6462] exit_group(0) = ? [pid 6463] <... futex resumed>) = ? [pid 6463] +++ exited with 0 +++ [pid 6464] <... futex resumed>) = ? [pid 6464] +++ exited with 0 +++ [pid 6462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6462, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./472/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./472/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./472/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/bus") = 0 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./472/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6465 attached , child_tidptr=0x5555564f6750) = 6465 [pid 6465] set_robust_list(0x5555564f6760, 24) = 0 [pid 6465] chdir("./473") = 0 [pid 6465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6465] setpgid(0, 0) = 0 [pid 6465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6465] write(3, "1000", 4) = 4 [pid 6465] close(3) = 0 [pid 6465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6465] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6466]}, 88) = 6466 [pid 6465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6466 attached [pid 6466] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6466] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6466] memfd_create("syzkaller", 0) = 3 [pid 6466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6466] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6466] close(3) = 0 [pid 6466] mkdir("./bus", 0777) = 0 [pid 6466] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6466] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6466] chdir("./bus") = 0 [pid 6466] ioctl(4, LOOP_CLR_FD) = 0 [pid 6466] close(4) = 0 [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] memfd_create("syzkaller", 0 [pid 6465] <... futex resumed>) = 0 [pid 6466] <... memfd_create resumed>) = 4 [pid 6466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6466] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6466] munmap(0x7f6d360cf000, 32768) = 0 [pid 6466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6466] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6466] ioctl(5, LOOP_CLR_FD) = 0 [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6466] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6466] close(5) = 0 [pid 6466] close(4) = 0 [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6466] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = 0 [pid 6465] <... futex resumed>) = 1 [pid 6466] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... openat resumed>) = 4 [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] <... futex resumed>) = 1 [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... futex resumed>) = 0 [pid 6466] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6465] <... futex resumed>) = 0 [pid 6466] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6465] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6466] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6465] <... mmap resumed>) = 0x7f6d360b6000 [pid 6465] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6466] <... openat resumed>) = 6 [pid 6465] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6466] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6466] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6467]}, 88) = 6467 ./strace-static-x86_64: Process 6467 attached [pid 6467] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6467] <... rseq resumed>) = 0 [pid 6465] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] set_robust_list(0x7f6d360d69a0, 24 [pid 6465] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6467] <... set_robust_list resumed>) = 0 [pid 6467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6467] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [ 142.401871][ T6466] loop0: detected capacity change from 0 to 64 [pid 6467] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6467] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] exit_group(0 [pid 6467] <... futex resumed>) = ? [pid 6466] <... futex resumed>) = ? [pid 6465] <... exit_group resumed>) = ? [pid 6467] +++ exited with 0 +++ [pid 6466] +++ exited with 0 +++ [pid 6465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6465, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./473/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./473/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./473/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./473/bus") = 0 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./473/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6468 attached , child_tidptr=0x5555564f6750) = 6468 [pid 6468] set_robust_list(0x5555564f6760, 24) = 0 [pid 6468] chdir("./474") = 0 [pid 6468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6468] setpgid(0, 0) = 0 [pid 6468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6468] write(3, "1000", 4) = 4 [pid 6468] close(3) = 0 [pid 6468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6468] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6469 attached [pid 6469] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6468] <... clone3 resumed> => {parent_tid=[6469]}, 88) = 6469 [pid 6469] <... rseq resumed>) = 0 [pid 6469] set_robust_list(0x7f6d468e79a0, 24 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], [pid 6469] <... set_robust_list resumed>) = 0 [pid 6468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6469] rt_sigprocmask(SIG_SETMASK, [], [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6468] <... futex resumed>) = 0 [pid 6469] memfd_create("syzkaller", 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6469] <... memfd_create resumed>) = 3 [pid 6469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6469] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6469] close(3) = 0 [pid 6469] mkdir("./bus", 0777) = 0 [pid 6469] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6469] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6469] chdir("./bus") = 0 [pid 6469] ioctl(4, LOOP_CLR_FD) = 0 [pid 6469] close(4) = 0 [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6469] memfd_create("syzkaller", 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6469] <... memfd_create resumed>) = 4 [pid 6469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6469] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6469] munmap(0x7f6d360cf000, 32768) = 0 [pid 6469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6469] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6469] ioctl(5, LOOP_CLR_FD) = 0 [pid 6469] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6469] close(5) = 0 [pid 6469] close(4) = 0 [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6469] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6469] <... futex resumed>) = 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = 0 [pid 6469] <... futex resumed>) = 1 [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... write resumed>) = 12288 [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = 0 [pid 6469] <... futex resumed>) = 1 [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... mmap resumed>) = 0x20000000 [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... futex resumed>) = 1 [pid 6469] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6469] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6469] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6468] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6469] <... openat resumed>) = 6 [pid 6468] <... mmap resumed>) = 0x7f6d360b6000 [pid 6468] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6469] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] <... mprotect resumed>) = 0 [pid 6468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6470 attached => {parent_tid=[6470]}, 88) = 6470 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6468] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6470] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6470] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6470] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6470] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6470] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] exit_group(0 [pid 6470] <... futex resumed>) = ? [pid 6469] <... futex resumed>) = ? [pid 6468] <... exit_group resumed>) = ? [pid 6470] +++ exited with 0 +++ [ 142.526928][ T6469] loop0: detected capacity change from 0 to 64 [pid 6469] +++ exited with 0 +++ [pid 6468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6468, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./474/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./474/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./474/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/bus") = 0 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./474/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6471 attached , child_tidptr=0x5555564f6750) = 6471 [pid 6471] set_robust_list(0x5555564f6760, 24) = 0 [pid 6471] chdir("./475") = 0 [pid 6471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6471] setpgid(0, 0) = 0 [pid 6471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6471] write(3, "1000", 4) = 4 [pid 6471] close(3) = 0 [pid 6471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6471] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6472]}, 88) = 6472 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6472 attached [pid 6472] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6472] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6472] memfd_create("syzkaller", 0) = 3 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6472] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6472] close(3) = 0 [pid 6472] mkdir("./bus", 0777) = 0 [pid 6472] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6472] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6472] chdir("./bus") = 0 [pid 6472] ioctl(4, LOOP_CLR_FD) = 0 [pid 6472] close(4) = 0 [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6472] <... futex resumed>) = 1 [pid 6472] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6471] <... futex resumed>) = 0 [pid 6472] memfd_create("syzkaller", 0 [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6472] <... memfd_create resumed>) = 4 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6472] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6472] munmap(0x7f6d360cf000, 32768) = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6472] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6472] ioctl(5, LOOP_CLR_FD) = 0 [pid 6472] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6472] close(5) = 0 [pid 6472] close(4) = 0 [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6472] <... futex resumed>) = 1 [pid 6472] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] <... openat resumed>) = 4 [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6472] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... write resumed>) = 12288 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6471] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6471] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6472] <... futex resumed>) = 1 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6472] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6472] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6471] <... clone3 resumed> => {parent_tid=[6473]}, 88) = 6473 ./strace-static-x86_64: Process 6473 attached [pid 6471] rt_sigprocmask(SIG_SETMASK, [], [pid 6473] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6472] <... openat resumed>) = 6 [ 142.632160][ T6472] loop0: detected capacity change from 0 to 64 [pid 6473] <... rseq resumed>) = 0 [pid 6473] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6473] rt_sigprocmask(SIG_SETMASK, [], [pid 6472] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6472] <... futex resumed>) = 0 [pid 6471] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] <... futex resumed>) = 0 [pid 6473] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6471] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6473] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6473] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] exit_group(0 [pid 6472] <... futex resumed>) = ? [pid 6471] <... exit_group resumed>) = ? [pid 6473] <... futex resumed>) = ? [pid 6472] +++ exited with 0 +++ [pid 6473] +++ exited with 0 +++ [pid 6471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6471, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./475/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./475/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./475/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./475/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/bus") = 0 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./475/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6474 attached , child_tidptr=0x5555564f6750) = 6474 [pid 6474] set_robust_list(0x5555564f6760, 24) = 0 [pid 6474] chdir("./476") = 0 [pid 6474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6474] setpgid(0, 0) = 0 [pid 6474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6474] write(3, "1000", 4) = 4 [pid 6474] close(3) = 0 [pid 6474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6474] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6475 attached => {parent_tid=[6475]}, 88) = 6475 [pid 6474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6475] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6475] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6475] memfd_create("syzkaller", 0) = 3 [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6475] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6475] close(3) = 0 [pid 6475] mkdir("./bus", 0777) = 0 [pid 6475] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6475] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6475] chdir("./bus") = 0 [pid 6475] ioctl(4, LOOP_CLR_FD) = 0 [pid 6475] close(4) = 0 [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] <... futex resumed>) = 0 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6475] memfd_create("syzkaller", 0) = 4 [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6475] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6475] munmap(0x7f6d360cf000, 32768) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6475] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6475] ioctl(5, LOOP_CLR_FD) = 0 [pid 6475] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6475] close(5) = 0 [pid 6475] close(4) = 0 [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6474] <... futex resumed>) = 0 [pid 6475] <... openat resumed>) = 4 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 1 [pid 6475] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 1 [pid 6475] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6475] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6474] <... futex resumed>) = 0 [pid 6475] <... openat resumed>) = 5 [pid 6474] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6475] <... futex resumed>) = 1 [pid 6475] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6474] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6475] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6474] <... mprotect resumed>) = 0 [pid 6475] <... openat resumed>) = 6 [pid 6474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6475] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6476 attached [pid 6475] <... futex resumed>) = 0 [pid 6476] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6475] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... clone3 resumed> => {parent_tid=[6476]}, 88) = 6476 [pid 6476] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6474] rt_sigprocmask(SIG_SETMASK, [], [pid 6476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6476] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6474] <... futex resumed>) = 0 [pid 6476] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6474] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6476] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6476] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] <... futex resumed>) = 0 [pid 6476] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 142.770153][ T6475] loop0: detected capacity change from 0 to 64 [pid 6474] exit_group(0 [pid 6475] <... futex resumed>) = ? [pid 6474] <... exit_group resumed>) = ? [pid 6475] +++ exited with 0 +++ [pid 6476] <... futex resumed>) = ? [pid 6476] +++ exited with 0 +++ [pid 6474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6474, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./476/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./476/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./476/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/bus") = 0 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./476/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6477 attached , child_tidptr=0x5555564f6750) = 6477 [pid 6477] set_robust_list(0x5555564f6760, 24) = 0 [pid 6477] chdir("./477") = 0 [pid 6477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6477] setpgid(0, 0) = 0 [pid 6477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6477] write(3, "1000", 4) = 4 [pid 6477] close(3) = 0 [pid 6477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6477] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6478 attached [pid 6478] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6477] <... clone3 resumed> => {parent_tid=[6478]}, 88) = 6478 [pid 6478] <... rseq resumed>) = 0 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], [pid 6478] set_robust_list(0x7f6d468e79a0, 24 [pid 6477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6478] <... set_robust_list resumed>) = 0 [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6477] <... futex resumed>) = 0 [pid 6478] memfd_create("syzkaller", 0 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6478] <... memfd_create resumed>) = 3 [pid 6478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6478] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6478] close(3) = 0 [pid 6478] mkdir("./bus", 0777) = 0 [pid 6478] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6478] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6478] chdir("./bus") = 0 [pid 6478] ioctl(4, LOOP_CLR_FD) = 0 [pid 6478] close(4) = 0 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... futex resumed>) = 0 [pid 6478] <... futex resumed>) = 1 [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] memfd_create("syzkaller", 0) = 4 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6478] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6478] munmap(0x7f6d360cf000, 32768) = 0 [pid 6478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6478] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6478] ioctl(5, LOOP_CLR_FD) = 0 [pid 6478] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6478] close(5) = 0 [pid 6478] close(4) = 0 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6478] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... openat resumed>) = 4 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... write resumed>) = 12288 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = 0 [pid 6477] <... futex resumed>) = 1 [pid 6478] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... mmap resumed>) = 0x20000000 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = 0 [pid 6477] <... futex resumed>) = 1 [pid 6478] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6478] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6477] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] <... openat resumed>) = 5 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6478] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6477] <... futex resumed>) = 0 [ 142.895150][ T6478] loop0: detected capacity change from 0 to 64 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6478] <... openat resumed>) = 6 [pid 6478] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6478] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... mmap resumed>) = 0x7f6d360b6000 [pid 6477] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6479 attached => {parent_tid=[6479]}, 88) = 6479 [pid 6479] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], [pid 6479] set_robust_list(0x7f6d360d69a0, 24 [pid 6477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6479] <... set_robust_list resumed>) = 0 [pid 6477] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], [pid 6477] <... futex resumed>) = 0 [pid 6479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6479] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6477] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6479] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6479] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... futex resumed>) = 0 [pid 6479] <... futex resumed>) = 1 [pid 6479] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] exit_group(0 [pid 6479] <... futex resumed>) = ? [pid 6479] +++ exited with 0 +++ [pid 6478] <... futex resumed>) = ? [pid 6477] <... exit_group resumed>) = ? [pid 6478] +++ exited with 0 +++ [pid 6477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6477, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./477/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./477/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./477/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./477/bus") = 0 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./477/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6480 attached , child_tidptr=0x5555564f6750) = 6480 [pid 6480] set_robust_list(0x5555564f6760, 24) = 0 [pid 6480] chdir("./478") = 0 [pid 6480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6480] setpgid(0, 0) = 0 [pid 6480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6480] write(3, "1000", 4) = 4 [pid 6480] close(3) = 0 [pid 6480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6480] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6481 attached [pid 6481] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6481] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6481] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] <... clone3 resumed> => {parent_tid=[6481]}, 88) = 6481 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = 0 [pid 6480] <... futex resumed>) = 1 [pid 6481] memfd_create("syzkaller", 0 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6481] <... memfd_create resumed>) = 3 [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6481] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6481] close(3) = 0 [pid 6481] mkdir("./bus", 0777) = 0 [pid 6481] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6481] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6481] chdir("./bus") = 0 [pid 6481] ioctl(4, LOOP_CLR_FD) = 0 [pid 6481] close(4) = 0 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6481] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = 0 [pid 6480] <... futex resumed>) = 1 [pid 6481] memfd_create("syzkaller", 0) = 4 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6481] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6481] munmap(0x7f6d360cf000, 32768) = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6481] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6481] ioctl(5, LOOP_CLR_FD) = 0 [pid 6481] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6481] close(5) = 0 [pid 6481] close(4) = 0 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... futex resumed>) = 1 [pid 6481] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... futex resumed>) = 1 [pid 6481] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... futex resumed>) = 1 [pid 6481] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] <... futex resumed>) = 0 [pid 6481] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6481] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6480] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... openat resumed>) = 5 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6481] <... futex resumed>) = 1 [ 143.013609][ T6481] loop0: detected capacity change from 0 to 64 [pid 6480] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6480] <... futex resumed>) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6481] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6480] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6481] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6481] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6482 attached [pid 6482] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6482] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6482] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] <... clone3 resumed> => {parent_tid=[6482]}, 88) = 6482 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6480] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] <... futex resumed>) = 0 [pid 6480] <... futex resumed>) = 1 [pid 6482] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6480] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6482] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6482] <... futex resumed>) = 0 [pid 6482] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] exit_group(0 [pid 6482] <... futex resumed>) = ? [pid 6481] <... futex resumed>) = ? [pid 6481] +++ exited with 0 +++ [pid 6480] <... exit_group resumed>) = ? [pid 6482] +++ exited with 0 +++ [pid 6480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6480, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./478/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./478/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./478/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./478/bus") = 0 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./478/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6483 ./strace-static-x86_64: Process 6483 attached [pid 6483] set_robust_list(0x5555564f6760, 24) = 0 [pid 6483] chdir("./479") = 0 [pid 6483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6483] setpgid(0, 0) = 0 [pid 6483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6483] write(3, "1000", 4) = 4 [pid 6483] close(3) = 0 [pid 6483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6483] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6484]}, 88) = 6484 [pid 6483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6484 attached [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6484] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6484] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6484] memfd_create("syzkaller", 0) = 3 [pid 6484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6484] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6484] close(3) = 0 [pid 6484] mkdir("./bus", 0777) = 0 [pid 6484] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6484] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6484] chdir("./bus") = 0 [pid 6484] ioctl(4, LOOP_CLR_FD) = 0 [pid 6484] close(4) = 0 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = 0 [pid 6483] <... futex resumed>) = 1 [pid 6484] memfd_create("syzkaller", 0) = 4 [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6484] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6484] munmap(0x7f6d360cf000, 32768) = 0 [pid 6484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6484] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6484] ioctl(5, LOOP_CLR_FD) = 0 [pid 6484] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6484] close(5) = 0 [pid 6484] close(4) = 0 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6483] <... futex resumed>) = 0 [pid 6484] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... openat resumed>) = 4 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 143.164420][ T6484] loop0: detected capacity change from 0 to 64 [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6483] <... futex resumed>) = 0 [pid 6484] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... write resumed>) = 12288 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6483] <... futex resumed>) = 0 [pid 6484] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... mmap resumed>) = 0x20000000 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6483] <... futex resumed>) = 0 [pid 6484] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6483] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = 0 [pid 6483] <... futex resumed>) = 1 [pid 6484] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6483] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6483] <... futex resumed>) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6484] <... openat resumed>) = 6 [pid 6483] <... mmap resumed>) = 0x7f6d360b6000 [pid 6484] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6484] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] <... mprotect resumed>) = 0 [pid 6483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6485 attached [pid 6485] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6483] <... clone3 resumed> => {parent_tid=[6485]}, 88) = 6485 [pid 6485] <... rseq resumed>) = 0 [pid 6483] rt_sigprocmask(SIG_SETMASK, [], [pid 6485] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6485] rt_sigprocmask(SIG_SETMASK, [], [pid 6483] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6483] <... futex resumed>) = 0 [pid 6485] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6483] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6485] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6485] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6485] <... futex resumed>) = 1 [pid 6483] exit_group(0 [pid 6485] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6484] <... futex resumed>) = ? [pid 6483] <... exit_group resumed>) = ? [pid 6485] +++ exited with 0 +++ [pid 6484] +++ exited with 0 +++ [pid 6483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6483, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./479/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./479/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./479/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./479/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/bus") = 0 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./479/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6486 attached , child_tidptr=0x5555564f6750) = 6486 [pid 6486] set_robust_list(0x5555564f6760, 24) = 0 [pid 6486] chdir("./480") = 0 [pid 6486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6486] setpgid(0, 0) = 0 [pid 6486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6486] write(3, "1000", 4) = 4 [pid 6486] close(3) = 0 [pid 6486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6486] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6487]}, 88) = 6487 [pid 6486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6487 attached [pid 6487] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6487] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6487] memfd_create("syzkaller", 0) = 3 [pid 6487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6487] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6487] close(3) = 0 [pid 6487] mkdir("./bus", 0777) = 0 [pid 6487] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6487] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6487] chdir("./bus") = 0 [pid 6487] ioctl(4, LOOP_CLR_FD) = 0 [pid 6487] close(4) = 0 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6487] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6487] <... futex resumed>) = 0 [pid 6487] memfd_create("syzkaller", 0 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6487] <... memfd_create resumed>) = 4 [pid 6487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6487] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6487] munmap(0x7f6d360cf000, 32768) = 0 [pid 6487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6487] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6487] ioctl(5, LOOP_CLR_FD) = 0 [pid 6487] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6487] close(5) = 0 [pid 6487] close(4) = 0 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6487] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 1 [pid 6487] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... openat resumed>) = 4 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6486] <... futex resumed>) = 0 [pid 6487] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6486] <... futex resumed>) = 0 [ 143.346145][ T6487] loop0: detected capacity change from 0 to 64 [pid 6487] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... write resumed>) = 12288 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... futex resumed>) = 1 [pid 6487] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... futex resumed>) = 1 [pid 6487] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6487] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6487] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6486] <... mmap resumed>) = 0x7f6d360b6000 [pid 6487] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6486] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6487] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6487] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6488 attached [pid 6488] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6487] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] <... clone3 resumed> => {parent_tid=[6488]}, 88) = 6488 [pid 6488] <... rseq resumed>) = 0 [pid 6486] rt_sigprocmask(SIG_SETMASK, [], [pid 6488] set_robust_list(0x7f6d360d69a0, 24 [pid 6486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6488] <... set_robust_list resumed>) = 0 [pid 6488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6488] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 1 [pid 6488] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6486] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6488] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6488] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6486] <... futex resumed>) = 0 [pid 6488] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] exit_group(0) = ? [pid 6488] <... futex resumed>) = ? [pid 6487] <... futex resumed>) = ? [pid 6488] +++ exited with 0 +++ [pid 6487] +++ exited with 0 +++ [pid 6486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6486, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./480/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./480/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./480/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/bus") = 0 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./480/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6489 attached , child_tidptr=0x5555564f6750) = 6489 [pid 6489] set_robust_list(0x5555564f6760, 24) = 0 [pid 6489] chdir("./481") = 0 [pid 6489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6489] setpgid(0, 0) = 0 [pid 6489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6489] write(3, "1000", 4) = 4 [pid 6489] close(3) = 0 [pid 6489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6489] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6490 attached => {parent_tid=[6490]}, 88) = 6490 [pid 6490] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6490] <... rseq resumed>) = 0 [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] set_robust_list(0x7f6d468e79a0, 24 [pid 6489] <... futex resumed>) = 0 [pid 6490] <... set_robust_list resumed>) = 0 [pid 6490] rt_sigprocmask(SIG_SETMASK, [], [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6490] memfd_create("syzkaller", 0) = 3 [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6490] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6490] close(3) = 0 [pid 6490] mkdir("./bus", 0777) = 0 [pid 6490] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6490] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6490] chdir("./bus") = 0 [pid 6490] ioctl(4, LOOP_CLR_FD) = 0 [pid 6490] close(4) = 0 [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] memfd_create("syzkaller", 0 [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] <... memfd_create resumed>) = 4 [pid 6489] <... futex resumed>) = 0 [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6490] <... mmap resumed>) = 0x7f6d360cf000 [pid 6490] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6490] munmap(0x7f6d360cf000, 32768) = 0 [pid 6490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6490] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6490] ioctl(5, LOOP_CLR_FD) = 0 [pid 6490] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6490] close(5) = 0 [pid 6490] close(4) = 0 [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] <... openat resumed>) = 4 [pid 6489] <... futex resumed>) = 0 [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [ 143.532672][ T6490] loop0: detected capacity change from 0 to 64 [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] <... futex resumed>) = 0 [pid 6489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6490] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] <... write resumed>) = 12288 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6489] <... futex resumed>) = 0 [pid 6490] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] <... mmap resumed>) = 0x20000000 [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6490] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6489] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6489] <... futex resumed>) = 0 [pid 6490] <... openat resumed>) = 6 [pid 6489] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6490] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] <... mmap resumed>) = 0x7f6d360b6000 [pid 6490] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6489] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6491 attached => {parent_tid=[6491]}, 88) = 6491 [pid 6491] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6489] rt_sigprocmask(SIG_SETMASK, [], [pid 6491] <... rseq resumed>) = 0 [pid 6489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6491] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6489] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] rt_sigprocmask(SIG_SETMASK, [], [pid 6489] <... futex resumed>) = 0 [pid 6491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6489] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6491] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6491] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6491] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6489] exit_group(0 [pid 6491] <... futex resumed>) = ? [pid 6489] <... exit_group resumed>) = ? [pid 6490] <... futex resumed>) = ? [pid 6491] +++ exited with 0 +++ [pid 6490] +++ exited with 0 +++ [pid 6489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6489, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./481/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./481/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./481/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/bus") = 0 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./481/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6492 ./strace-static-x86_64: Process 6492 attached [pid 6492] set_robust_list(0x5555564f6760, 24) = 0 [pid 6492] chdir("./482") = 0 [pid 6492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6492] setpgid(0, 0) = 0 [pid 6492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6492] write(3, "1000", 4) = 4 [pid 6492] close(3) = 0 [pid 6492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6492] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6493 attached => {parent_tid=[6493]}, 88) = 6493 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6493] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... rseq resumed>) = 0 [pid 6493] set_robust_list(0x7f6d468e79a0, 24 [pid 6492] <... futex resumed>) = 0 [pid 6493] <... set_robust_list resumed>) = 0 [pid 6493] rt_sigprocmask(SIG_SETMASK, [], [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6493] memfd_create("syzkaller", 0) = 3 [pid 6493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6493] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6493] close(3) = 0 [pid 6493] mkdir("./bus", 0777) = 0 [pid 6493] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6493] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6493] chdir("./bus") = 0 [pid 6493] ioctl(4, LOOP_CLR_FD) = 0 [pid 6493] close(4) = 0 [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6492] <... futex resumed>) = 0 [pid 6493] memfd_create("syzkaller", 0 [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6493] <... memfd_create resumed>) = 4 [pid 6493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6493] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6493] munmap(0x7f6d360cf000, 32768) = 0 [pid 6493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6493] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6493] ioctl(5, LOOP_CLR_FD) = 0 [pid 6493] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6493] close(5) = 0 [pid 6493] close(4) = 0 [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6493] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6492] <... futex resumed>) = 0 [pid 6493] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... openat resumed>) = 4 [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = 0 [pid 6492] <... futex resumed>) = 1 [pid 6493] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = 0 [pid 6493] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6492] <... futex resumed>) = 1 [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = 0 [pid 6493] <... futex resumed>) = 1 [ 143.734977][ T6493] loop0: detected capacity change from 0 to 64 [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6492] <... futex resumed>) = 0 [pid 6493] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6492] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... openat resumed>) = 5 [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] <... futex resumed>) = 1 [pid 6493] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6493] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6492] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6493] <... openat resumed>) = 6 [pid 6492] <... mprotect resumed>) = 0 [pid 6492] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6493] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6493] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6494 attached => {parent_tid=[6494]}, 88) = 6494 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6492] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6494] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6494] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6494] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6494] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6494] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] exit_group(0 [pid 6494] <... futex resumed>) = ? [pid 6493] <... futex resumed>) = ? [pid 6494] +++ exited with 0 +++ [pid 6493] +++ exited with 0 +++ [pid 6492] <... exit_group resumed>) = ? [pid 6492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6492, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./482/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./482/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./482/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/bus") = 0 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./482/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6495 attached , child_tidptr=0x5555564f6750) = 6495 [pid 6495] set_robust_list(0x5555564f6760, 24) = 0 [pid 6495] chdir("./483") = 0 [pid 6495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6495] setpgid(0, 0) = 0 [pid 6495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6495] write(3, "1000", 4) = 4 [pid 6495] close(3) = 0 [pid 6495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6495] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6496]}, 88) = 6496 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6496 attached [pid 6496] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6496] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6496] memfd_create("syzkaller", 0) = 3 [pid 6496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6496] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6496] close(3) = 0 [pid 6496] mkdir("./bus", 0777) = 0 [pid 6496] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6496] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6496] chdir("./bus") = 0 [pid 6496] ioctl(4, LOOP_CLR_FD) = 0 [pid 6496] close(4) = 0 [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6496] memfd_create("syzkaller", 0 [pid 6495] <... futex resumed>) = 0 [pid 6496] <... memfd_create resumed>) = 4 [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6496] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6496] munmap(0x7f6d360cf000, 32768) = 0 [pid 6496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6496] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6496] ioctl(5, LOOP_CLR_FD) = 0 [pid 6496] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6496] close(5) = 0 [pid 6496] close(4) = 0 [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6496] <... futex resumed>) = 1 [pid 6496] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] <... futex resumed>) = 0 [pid 6496] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... openat resumed>) = 4 [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... futex resumed>) = 1 [pid 6496] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... mmap resumed>) = 0x20000000 [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] <... futex resumed>) = 1 [pid 6496] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6495] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6496] <... futex resumed>) = 1 [pid 6496] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] <... futex resumed>) = 0 [pid 6496] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6495] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6495] <... futex resumed>) = 0 [pid 6496] <... openat resumed>) = 6 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6495] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6496] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... mprotect resumed>) = 0 [pid 6496] <... futex resumed>) = 0 [pid 6496] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6497 attached [pid 6497] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6495] <... clone3 resumed> => {parent_tid=[6497]}, 88) = 6497 [pid 6497] set_robust_list(0x7f6d360d69a0, 24 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], [pid 6497] <... set_robust_list resumed>) = 0 [pid 6497] rt_sigprocmask(SIG_SETMASK, [], [pid 6495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6495] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6495] <... futex resumed>) = 0 [pid 6497] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6495] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6497] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6495] exit_group(0 [pid 6497] <... futex resumed>) = ? [pid 6496] <... futex resumed>) = ? [pid 6495] <... exit_group resumed>) = ? [pid 6497] +++ exited with 0 +++ [pid 6496] +++ exited with 0 +++ [pid 6495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6495, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 143.856535][ T6496] loop0: detected capacity change from 0 to 64 umount2("./483/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./483/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./483/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/bus") = 0 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./483/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6498 ./strace-static-x86_64: Process 6498 attached [pid 6498] set_robust_list(0x5555564f6760, 24) = 0 [pid 6498] chdir("./484") = 0 [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6498] setpgid(0, 0) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6498] write(3, "1000", 4) = 4 [pid 6498] close(3) = 0 [pid 6498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6498] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6499]}, 88) = 6499 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6499 attached [pid 6499] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] <... rseq resumed>) = 0 [pid 6499] set_robust_list(0x7f6d468e79a0, 24 [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... set_robust_list resumed>) = 0 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], [pid 6498] <... futex resumed>) = 0 [pid 6499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6499] memfd_create("syzkaller", 0) = 3 [pid 6499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6499] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6499] close(3) = 0 [pid 6499] mkdir("./bus", 0777) = 0 [pid 6499] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6499] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6499] chdir("./bus") = 0 [pid 6499] ioctl(4, LOOP_CLR_FD) = 0 [pid 6499] close(4) = 0 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = 0 [pid 6498] <... futex resumed>) = 1 [pid 6499] memfd_create("syzkaller", 0) = 4 [pid 6499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6499] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6499] munmap(0x7f6d360cf000, 32768) = 0 [pid 6499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6499] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6499] ioctl(5, LOOP_CLR_FD) = 0 [pid 6499] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6499] close(5) = 0 [pid 6499] close(4) = 0 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6498] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... openat resumed>) = 5 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6498] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6499] <... openat resumed>) = 6 [pid 6499] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... mmap resumed>) = 0x7f6d360b6000 [pid 6499] <... futex resumed>) = 0 [pid 6498] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6499] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... mprotect resumed>) = 0 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6500 attached [pid 6500] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6498] <... clone3 resumed> => {parent_tid=[6500]}, 88) = 6500 [ 143.965145][ T6499] loop0: detected capacity change from 0 to 64 [pid 6500] set_robust_list(0x7f6d360d69a0, 24 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6500] <... set_robust_list resumed>) = 0 [pid 6498] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] rt_sigprocmask(SIG_SETMASK, [], [pid 6498] <... futex resumed>) = 0 [pid 6500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6498] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6500] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6500] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6500] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] exit_group(0 [pid 6500] <... futex resumed>) = ? [pid 6498] <... exit_group resumed>) = ? [pid 6500] +++ exited with 0 +++ [pid 6499] <... futex resumed>) = ? [pid 6499] +++ exited with 0 +++ [pid 6498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6498, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./484/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./484/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./484/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/bus") = 0 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./484/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6501 attached , child_tidptr=0x5555564f6750) = 6501 [pid 6501] set_robust_list(0x5555564f6760, 24) = 0 [pid 6501] chdir("./485") = 0 [pid 6501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6501] setpgid(0, 0) = 0 [pid 6501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6501] write(3, "1000", 4) = 4 [pid 6501] close(3) = 0 [pid 6501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6501] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6502 attached => {parent_tid=[6502]}, 88) = 6502 [pid 6502] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6501] rt_sigprocmask(SIG_SETMASK, [], [pid 6502] set_robust_list(0x7f6d468e79a0, 24 [pid 6501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6502] <... set_robust_list resumed>) = 0 [pid 6502] rt_sigprocmask(SIG_SETMASK, [], [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6502] memfd_create("syzkaller", 0 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6502] <... memfd_create resumed>) = 3 [pid 6502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6502] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6502] close(3) = 0 [pid 6502] mkdir("./bus", 0777) = 0 [pid 6502] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6502] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6502] chdir("./bus") = 0 [pid 6502] ioctl(4, LOOP_CLR_FD) = 0 [pid 6502] close(4) = 0 [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6502] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6502] <... futex resumed>) = 0 [pid 6502] memfd_create("syzkaller", 0) = 4 [pid 6502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6502] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6502] munmap(0x7f6d360cf000, 32768) = 0 [pid 6502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6502] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6502] ioctl(5, LOOP_CLR_FD) = 0 [pid 6502] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6502] close(5) = 0 [pid 6502] close(4) = 0 [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... futex resumed>) = 1 [pid 6502] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... futex resumed>) = 1 [pid 6502] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6502] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... futex resumed>) = 0 [pid 6501] <... futex resumed>) = 1 [pid 6502] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... mmap resumed>) = 0x20000000 [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6502] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6501] <... futex resumed>) = 0 [pid 6502] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6501] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... openat resumed>) = 5 [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6502] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... futex resumed>) = 0 [pid 6501] <... futex resumed>) = 1 [pid 6502] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6501] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6501] <... futex resumed>) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6502] <... openat resumed>) = 6 [pid 6501] <... mmap resumed>) = 0x7f6d360b6000 [pid 6501] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6502] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... mprotect resumed>) = 0 [pid 6501] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6502] <... futex resumed>) = 0 [pid 6501] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6502] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6503 attached => {parent_tid=[6503]}, 88) = 6503 [pid 6501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6501] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.115845][ T6502] loop0: detected capacity change from 0 to 64 [pid 6501] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6503] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6503] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6503] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6503] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6503] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] exit_group(0 [pid 6502] <... futex resumed>) = ? [pid 6501] <... exit_group resumed>) = ? [pid 6503] <... futex resumed>) = ? [pid 6502] +++ exited with 0 +++ [pid 6503] +++ exited with 0 +++ [pid 6501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6501, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./485/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./485/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./485/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/bus") = 0 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./485/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6504 attached , child_tidptr=0x5555564f6750) = 6504 [pid 6504] set_robust_list(0x5555564f6760, 24) = 0 [pid 6504] chdir("./486") = 0 [pid 6504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6504] setpgid(0, 0) = 0 [pid 6504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6504] write(3, "1000", 4) = 4 [pid 6504] close(3) = 0 [pid 6504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6504] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6505]}, 88) = 6505 [pid 6504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6505 attached [pid 6505] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6505] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6505] memfd_create("syzkaller", 0) = 3 [pid 6505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6505] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6505] close(3) = 0 [pid 6505] mkdir("./bus", 0777) = 0 [pid 6505] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6505] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6505] chdir("./bus") = 0 [pid 6505] ioctl(4, LOOP_CLR_FD) = 0 [pid 6505] close(4) = 0 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6505] memfd_create("syzkaller", 0 [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6505] <... memfd_create resumed>) = 4 [pid 6505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6505] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6505] munmap(0x7f6d360cf000, 32768) = 0 [pid 6505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6505] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6505] ioctl(5, LOOP_CLR_FD) = 0 [pid 6505] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6505] close(5) = 0 [pid 6505] close(4) = 0 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6505] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] <... futex resumed>) = 0 [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = 0 [pid 6504] <... futex resumed>) = 1 [pid 6505] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] <... openat resumed>) = 4 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6504] <... futex resumed>) = 0 [pid 6505] <... futex resumed>) = 1 [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6504] <... futex resumed>) = 0 [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] <... write resumed>) = 12288 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6505] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] <... mmap resumed>) = 0x20000000 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6505] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6504] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 144.248486][ T6505] loop0: detected capacity change from 0 to 64 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6505] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6505] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6504] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6504] <... futex resumed>) = 0 [pid 6504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6505] <... openat resumed>) = 6 [pid 6505] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] <... mmap resumed>) = 0x7f6d360b6000 [pid 6504] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6505] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] <... mprotect resumed>) = 0 [pid 6504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6506 attached [pid 6506] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6504] <... clone3 resumed> => {parent_tid=[6506]}, 88) = 6506 [pid 6506] <... rseq resumed>) = 0 [pid 6506] set_robust_list(0x7f6d360d69a0, 24 [pid 6504] rt_sigprocmask(SIG_SETMASK, [], [pid 6506] <... set_robust_list resumed>) = 0 [pid 6504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6506] rt_sigprocmask(SIG_SETMASK, [], [pid 6504] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6504] <... futex resumed>) = 0 [pid 6506] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6504] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6506] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6506] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6506] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] <... futex resumed>) = 0 [pid 6504] exit_group(0 [pid 6506] <... futex resumed>) = ? [pid 6505] <... futex resumed>) = ? [pid 6506] +++ exited with 0 +++ [pid 6505] +++ exited with 0 +++ [pid 6504] <... exit_group resumed>) = ? [pid 6504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6504, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./486/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./486/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./486/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/bus") = 0 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./486/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6507 ./strace-static-x86_64: Process 6507 attached [pid 6507] set_robust_list(0x5555564f6760, 24) = 0 [pid 6507] chdir("./487") = 0 [pid 6507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6507] setpgid(0, 0) = 0 [pid 6507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6507] write(3, "1000", 4) = 4 [pid 6507] close(3) = 0 [pid 6507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6507] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6508 attached => {parent_tid=[6508]}, 88) = 6508 [pid 6507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6508] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6508] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6508] memfd_create("syzkaller", 0) = 3 [pid 6508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6508] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6508] close(3) = 0 [pid 6508] mkdir("./bus", 0777) = 0 [pid 6508] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6508] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6508] chdir("./bus") = 0 [pid 6508] ioctl(4, LOOP_CLR_FD) = 0 [pid 6508] close(4) = 0 [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6508] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 0 [pid 6508] memfd_create("syzkaller", 0) = 4 [pid 6508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6508] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6508] munmap(0x7f6d360cf000, 32768) = 0 [pid 6508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6508] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6508] ioctl(5, LOOP_CLR_FD) = 0 [pid 6508] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6508] close(5) = 0 [pid 6508] close(4) = 0 [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6508] <... futex resumed>) = 1 [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6507] <... futex resumed>) = 0 [pid 6508] <... openat resumed>) = 4 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... futex resumed>) = 1 [pid 6508] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] <... futex resumed>) = 1 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [ 144.390690][ T6508] loop0: detected capacity change from 0 to 64 [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = 0 [pid 6508] <... futex resumed>) = 1 [pid 6508] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6507] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] <... openat resumed>) = 5 [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6507] <... futex resumed>) = 0 [pid 6507] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6507] <... futex resumed>) = 0 [pid 6508] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6507] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] <... openat resumed>) = 6 [pid 6507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6507] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6508] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... mprotect resumed>) = 0 [pid 6508] <... futex resumed>) = 0 [pid 6508] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6509 attached [pid 6509] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6507] <... clone3 resumed> => {parent_tid=[6509]}, 88) = 6509 [pid 6509] <... rseq resumed>) = 0 [pid 6509] set_robust_list(0x7f6d360d69a0, 24 [pid 6507] rt_sigprocmask(SIG_SETMASK, [], [pid 6509] <... set_robust_list resumed>) = 0 [pid 6507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6509] rt_sigprocmask(SIG_SETMASK, [], [pid 6507] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6507] <... futex resumed>) = 0 [pid 6509] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6507] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6509] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6507] <... futex resumed>) = 0 [pid 6509] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6507] exit_group(0 [pid 6509] <... futex resumed>) = ? [pid 6508] <... futex resumed>) = ? [pid 6507] <... exit_group resumed>) = ? [pid 6508] +++ exited with 0 +++ [pid 6509] +++ exited with 0 +++ [pid 6507] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6507, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./487/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./487/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./487/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./487/bus") = 0 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./487/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6510 attached , child_tidptr=0x5555564f6750) = 6510 [pid 6510] set_robust_list(0x5555564f6760, 24) = 0 [pid 6510] chdir("./488") = 0 [pid 6510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6510] setpgid(0, 0) = 0 [pid 6510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6510] write(3, "1000", 4) = 4 [pid 6510] close(3) = 0 [pid 6510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6510] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6511]}, 88) = 6511 ./strace-static-x86_64: Process 6511 attached [pid 6510] rt_sigprocmask(SIG_SETMASK, [], [pid 6511] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] <... rseq resumed>) = 0 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6511] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6511] memfd_create("syzkaller", 0) = 3 [pid 6511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6511] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6511] close(3) = 0 [pid 6511] mkdir("./bus", 0777) = 0 [pid 6511] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6511] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6511] chdir("./bus") = 0 [pid 6511] ioctl(4, LOOP_CLR_FD) = 0 [pid 6511] close(4) = 0 [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] <... futex resumed>) = 0 [pid 6511] <... futex resumed>) = 1 [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] memfd_create("syzkaller", 0) = 4 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6511] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6511] munmap(0x7f6d360cf000, 32768) = 0 [pid 6511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6511] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6511] ioctl(5, LOOP_CLR_FD) = 0 [pid 6511] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6511] close(5) = 0 [pid 6511] close(4) = 0 [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6511] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] <... futex resumed>) = 0 [pid 6511] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6510] <... futex resumed>) = 1 [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] <... futex resumed>) = 0 [pid 6510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6511] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] <... write resumed>) = 12288 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6511] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6511] <... futex resumed>) = 0 [pid 6511] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6511] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6511] <... futex resumed>) = 0 [pid 6511] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6511] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6510] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6510] <... futex resumed>) = 0 [pid 6510] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6510] <... futex resumed>) = 0 [pid 6511] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6510] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] <... openat resumed>) = 6 [pid 6510] <... futex resumed>) = 0 [pid 6510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6510] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6511] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6511] <... futex resumed>) = 0 [pid 6510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6511] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6512]}, 88) = 6512 [pid 6510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6510] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6510] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6512 attached [pid 6512] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6512] set_robust_list(0x7f6d360d69a0, 24) = 0 [ 144.520560][ T6511] loop0: detected capacity change from 0 to 64 [pid 6512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6512] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6512] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6510] <... futex resumed>) = 0 [pid 6510] exit_group(0 [pid 6511] <... futex resumed>) = ? [pid 6510] <... exit_group resumed>) = ? [pid 6511] +++ exited with 0 +++ [pid 6512] <... futex resumed>) = ? [pid 6512] +++ exited with 0 +++ [pid 6510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6510, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./488/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./488/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./488/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/bus") = 0 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./488/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6513 attached , child_tidptr=0x5555564f6750) = 6513 [pid 6513] set_robust_list(0x5555564f6760, 24) = 0 [pid 6513] chdir("./489") = 0 [pid 6513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6513] setpgid(0, 0) = 0 [pid 6513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6513] write(3, "1000", 4) = 4 [pid 6513] close(3) = 0 [pid 6513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6513] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6514 attached => {parent_tid=[6514]}, 88) = 6514 [pid 6514] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6513] rt_sigprocmask(SIG_SETMASK, [], [pid 6514] <... rseq resumed>) = 0 [pid 6513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6514] set_robust_list(0x7f6d468e79a0, 24 [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... set_robust_list resumed>) = 0 [pid 6513] <... futex resumed>) = 0 [pid 6514] rt_sigprocmask(SIG_SETMASK, [], [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6514] memfd_create("syzkaller", 0) = 3 [pid 6514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6514] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6514] close(3) = 0 [pid 6514] mkdir("./bus", 0777) = 0 [pid 6514] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6514] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6514] chdir("./bus") = 0 [pid 6514] ioctl(4, LOOP_CLR_FD) = 0 [pid 6514] close(4) = 0 [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6514] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... futex resumed>) = 0 [pid 6514] memfd_create("syzkaller", 0 [pid 6513] <... futex resumed>) = 1 [pid 6514] <... memfd_create resumed>) = 4 [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6514] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6514] munmap(0x7f6d360cf000, 32768) = 0 [pid 6514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6514] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6514] ioctl(5, LOOP_CLR_FD) = 0 [pid 6514] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6514] close(5) = 0 [pid 6514] close(4) = 0 [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6514] <... futex resumed>) = 1 [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... write resumed>) = 12288 [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] <... futex resumed>) = 1 [pid 6514] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] <... futex resumed>) = 1 [pid 6513] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6514] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 0 [pid 6514] <... futex resumed>) = 1 [pid 6514] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] <... futex resumed>) = 0 [pid 6513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6514] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6514] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6513] <... mmap resumed>) = 0x7f6d360b6000 [pid 6513] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6514] <... openat resumed>) = 6 [pid 6513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6515 attached [pid 6514] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6515] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6514] <... futex resumed>) = 0 [pid 6515] set_robust_list(0x7f6d360d69a0, 24 [pid 6514] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] <... clone3 resumed> => {parent_tid=[6515]}, 88) = 6515 [pid 6515] <... set_robust_list resumed>) = 0 [pid 6515] rt_sigprocmask(SIG_SETMASK, [], [pid 6513] rt_sigprocmask(SIG_SETMASK, [], [pid 6515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6515] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6513] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6513] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6515] <... write resumed>) = -1 ENOSPC (No space left on device) [ 144.637733][ T6514] loop0: detected capacity change from 0 to 64 [pid 6515] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6515] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] exit_group(0 [pid 6514] <... futex resumed>) = ? [pid 6515] <... futex resumed>) = ? [pid 6513] <... exit_group resumed>) = ? [pid 6515] +++ exited with 0 +++ [pid 6514] +++ exited with 0 +++ [pid 6513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6513, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./489/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./489/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./489/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/bus") = 0 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./489/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6516 attached , child_tidptr=0x5555564f6750) = 6516 [pid 6516] set_robust_list(0x5555564f6760, 24) = 0 [pid 6516] chdir("./490") = 0 [pid 6516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6516] setpgid(0, 0) = 0 [pid 6516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6516] write(3, "1000", 4) = 4 [pid 6516] close(3) = 0 [pid 6516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6516] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6517 attached [pid 6517] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6516] <... clone3 resumed> => {parent_tid=[6517]}, 88) = 6517 [pid 6517] set_robust_list(0x7f6d468e79a0, 24 [pid 6516] rt_sigprocmask(SIG_SETMASK, [], [pid 6517] <... set_robust_list resumed>) = 0 [pid 6516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] memfd_create("syzkaller", 0 [pid 6516] <... futex resumed>) = 0 [pid 6517] <... memfd_create resumed>) = 3 [pid 6517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6517] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 6517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6517] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6517] close(3) = 0 [pid 6517] mkdir("./bus", 0777) = 0 [pid 6517] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6517] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6517] chdir("./bus") = 0 [pid 6517] ioctl(4, LOOP_CLR_FD) = 0 [pid 6517] close(4) = 0 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6517] memfd_create("syzkaller", 0) = 4 [pid 6517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6517] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6517] munmap(0x7f6d360cf000, 32768) = 0 [pid 6517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6517] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6517] ioctl(5, LOOP_CLR_FD) = 0 [pid 6517] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6517] close(5) = 0 [pid 6517] close(4) = 0 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6517] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] <... futex resumed>) = 1 [pid 6516] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6516] <... futex resumed>) = 0 [pid 6517] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6517] <... openat resumed>) = 6 [pid 6516] <... mmap resumed>) = 0x7f6d360b6000 [ 144.771991][ T6517] loop0: detected capacity change from 0 to 64 [pid 6516] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6518 attached [pid 6518] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6516] <... clone3 resumed> => {parent_tid=[6518]}, 88) = 6518 [pid 6518] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], [pid 6516] rt_sigprocmask(SIG_SETMASK, [], [pid 6518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6518] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6516] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = 0 [pid 6518] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6516] <... futex resumed>) = 1 [pid 6518] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6516] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] exit_group(0 [pid 6518] <... futex resumed>) = 1 [pid 6517] <... futex resumed>) = ? [pid 6516] <... exit_group resumed>) = ? [pid 6518] +++ exited with 0 +++ [pid 6517] +++ exited with 0 +++ [pid 6516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6516, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./490/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./490/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./490/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/bus") = 0 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./490/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6519 attached [pid 6519] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6519 [pid 6519] chdir("./491") = 0 [pid 6519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6519] setpgid(0, 0) = 0 [pid 6519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6519] write(3, "1000", 4) = 4 [pid 6519] close(3) = 0 [pid 6519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6519] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6520 attached => {parent_tid=[6520]}, 88) = 6520 [pid 6519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6520] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6520] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6520] memfd_create("syzkaller", 0) = 3 [pid 6520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6520] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6520] close(3) = 0 [pid 6520] mkdir("./bus", 0777) = 0 [pid 6520] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6520] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6520] chdir("./bus") = 0 [pid 6520] ioctl(4, LOOP_CLR_FD) = 0 [pid 6520] close(4) = 0 [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6520] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6519] <... futex resumed>) = 0 [pid 6520] memfd_create("syzkaller", 0 [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6520] <... memfd_create resumed>) = 4 [pid 6520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6520] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6520] munmap(0x7f6d360cf000, 32768) = 0 [pid 6520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6520] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6520] ioctl(5, LOOP_CLR_FD) = 0 [pid 6520] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6520] close(5) = 0 [pid 6520] close(4) = 0 [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = 0 [pid 6520] <... futex resumed>) = 1 [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] <... openat resumed>) = 4 [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6519] <... futex resumed>) = 0 [pid 6520] <... write resumed>) = 12288 [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6520] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6519] <... futex resumed>) = 0 [pid 6520] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] <... mmap resumed>) = 0x20000000 [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6519] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 144.901681][ T6520] loop0: detected capacity change from 0 to 64 [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6520] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] <... futex resumed>) = 0 [pid 6519] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] <... futex resumed>) = 0 [pid 6519] <... futex resumed>) = 1 [pid 6520] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6520] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6519] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] <... openat resumed>) = 6 [pid 6519] <... futex resumed>) = 0 [pid 6519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6520] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... mmap resumed>) = 0x7f6d360b6000 [pid 6520] <... futex resumed>) = 0 [pid 6519] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6520] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] <... mprotect resumed>) = 0 [pid 6519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6521 attached [pid 6521] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6519] <... clone3 resumed> => {parent_tid=[6521]}, 88) = 6521 [pid 6521] <... rseq resumed>) = 0 [pid 6521] set_robust_list(0x7f6d360d69a0, 24 [pid 6519] rt_sigprocmask(SIG_SETMASK, [], [pid 6521] <... set_robust_list resumed>) = 0 [pid 6521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6521] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6519] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6521] <... futex resumed>) = 0 [pid 6519] <... futex resumed>) = 1 [pid 6521] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6519] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6521] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6521] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = 0 [pid 6521] <... futex resumed>) = 1 [pid 6519] exit_group(0 [pid 6520] <... futex resumed>) = ? [pid 6519] <... exit_group resumed>) = ? [pid 6520] +++ exited with 0 +++ [pid 6521] +++ exited with 0 +++ [pid 6519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6519, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./491", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./491/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./491/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./491/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./491/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./491/bus") = 0 umount2("./491/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./491/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./491") = 0 mkdir("./492", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6522 attached , child_tidptr=0x5555564f6750) = 6522 [pid 6522] set_robust_list(0x5555564f6760, 24) = 0 [pid 6522] chdir("./492") = 0 [pid 6522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6522] setpgid(0, 0) = 0 [pid 6522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6522] write(3, "1000", 4) = 4 [pid 6522] close(3) = 0 [pid 6522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6522] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6523 attached [pid 6523] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6523] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6523] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... clone3 resumed> => {parent_tid=[6523]}, 88) = 6523 [pid 6522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6523] memfd_create("syzkaller", 0 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6523] <... memfd_create resumed>) = 3 [pid 6523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6523] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6523] close(3) = 0 [pid 6523] mkdir("./bus", 0777) = 0 [pid 6523] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6523] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6523] chdir("./bus") = 0 [pid 6523] ioctl(4, LOOP_CLR_FD) = 0 [pid 6523] close(4) = 0 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = 0 [pid 6523] <... futex resumed>) = 1 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] memfd_create("syzkaller", 0) = 4 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6523] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6523] munmap(0x7f6d360cf000, 32768) = 0 [pid 6523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6523] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6523] ioctl(5, LOOP_CLR_FD) = 0 [pid 6523] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6523] close(5) = 0 [pid 6523] close(4) = 0 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6523] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6523] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... openat resumed>) = 4 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... futex resumed>) = 1 [pid 6523] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... futex resumed>) = 1 [pid 6523] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... futex resumed>) = 1 [pid 6523] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6523] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 145.044407][ T6523] loop0: detected capacity change from 0 to 64 [pid 6523] <... futex resumed>) = 1 [pid 6522] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6522] <... futex resumed>) = 0 [pid 6523] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6522] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6523] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6524 attached => {parent_tid=[6524]}, 88) = 6524 [pid 6524] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6522] rt_sigprocmask(SIG_SETMASK, [], [pid 6524] set_robust_list(0x7f6d360d69a0, 24 [pid 6522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6524] <... set_robust_list resumed>) = 0 [pid 6522] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6524] rt_sigprocmask(SIG_SETMASK, [], [pid 6522] <... futex resumed>) = 0 [pid 6524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6522] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6524] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6524] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [pid 6524] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] exit_group(0 [pid 6524] <... futex resumed>) = ? [pid 6523] <... futex resumed>) = ? [pid 6524] +++ exited with 0 +++ [pid 6523] +++ exited with 0 +++ [pid 6522] <... exit_group resumed>) = ? [pid 6522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6522, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./492", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./492/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./492/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./492/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./492/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./492/bus") = 0 umount2("./492/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./492/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./492") = 0 mkdir("./493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6525 attached , child_tidptr=0x5555564f6750) = 6525 [pid 6525] set_robust_list(0x5555564f6760, 24) = 0 [pid 6525] chdir("./493") = 0 [pid 6525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6525] setpgid(0, 0) = 0 [pid 6525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6525] write(3, "1000", 4) = 4 [pid 6525] close(3) = 0 [pid 6525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6525] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6526 attached => {parent_tid=[6526]}, 88) = 6526 [pid 6526] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6526] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6526] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = 1 [pid 6526] memfd_create("syzkaller", 0 [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6526] <... memfd_create resumed>) = 3 [pid 6526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6526] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6526] close(3) = 0 [pid 6526] mkdir("./bus", 0777) = 0 [pid 6526] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6526] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6526] chdir("./bus") = 0 [pid 6526] ioctl(4, LOOP_CLR_FD) = 0 [pid 6526] close(4) = 0 [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] memfd_create("syzkaller", 0 [pid 6525] <... futex resumed>) = 0 [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6526] <... memfd_create resumed>) = 4 [pid 6526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6526] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6526] munmap(0x7f6d360cf000, 32768) = 0 [pid 6526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6526] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6526] ioctl(5, LOOP_CLR_FD) = 0 [pid 6526] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6526] close(5) = 0 [pid 6526] close(4) = 0 [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6525] <... futex resumed>) = 0 [pid 6526] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... openat resumed>) = 4 [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] <... futex resumed>) = 0 [pid 6526] <... futex resumed>) = 1 [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... write resumed>) = 12288 [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 145.188945][ T6526] loop0: detected capacity change from 0 to 64 [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6525] <... futex resumed>) = 0 [pid 6526] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... mmap resumed>) = 0x20000000 [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6526] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6525] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6526] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... futex resumed>) = 0 [pid 6525] <... futex resumed>) = 1 [pid 6526] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6525] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6525] <... futex resumed>) = 0 [pid 6525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6526] <... openat resumed>) = 6 [pid 6525] <... mmap resumed>) = 0x7f6d360b6000 [pid 6525] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6526] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] <... mprotect resumed>) = 0 [pid 6526] <... futex resumed>) = 0 [pid 6526] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6527 attached [pid 6527] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6525] <... clone3 resumed> => {parent_tid=[6527]}, 88) = 6527 [pid 6527] set_robust_list(0x7f6d360d69a0, 24 [pid 6525] rt_sigprocmask(SIG_SETMASK, [], [pid 6527] <... set_robust_list resumed>) = 0 [pid 6525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6527] rt_sigprocmask(SIG_SETMASK, [], [pid 6525] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6525] <... futex resumed>) = 0 [pid 6527] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6525] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6527] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6527] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6525] <... futex resumed>) = 0 [pid 6527] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6525] exit_group(0 [pid 6527] <... futex resumed>) = ? [pid 6526] <... futex resumed>) = ? [pid 6525] <... exit_group resumed>) = ? [pid 6526] +++ exited with 0 +++ [pid 6527] +++ exited with 0 +++ [pid 6525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6525, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./493", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./493/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./493/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./493/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./493/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./493/bus") = 0 umount2("./493/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./493/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./493") = 0 mkdir("./494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6528 attached , child_tidptr=0x5555564f6750) = 6528 [pid 6528] set_robust_list(0x5555564f6760, 24) = 0 [pid 6528] chdir("./494") = 0 [pid 6528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6528] setpgid(0, 0) = 0 [pid 6528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6528] write(3, "1000", 4) = 4 [pid 6528] close(3) = 0 [pid 6528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6528] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6529]}, 88) = 6529 ./strace-static-x86_64: Process 6529 attached [pid 6528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6529] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6529] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6529] memfd_create("syzkaller", 0) = 3 [pid 6529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6529] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6529] close(3) = 0 [pid 6529] mkdir("./bus", 0777) = 0 [pid 6529] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6529] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6529] chdir("./bus") = 0 [pid 6529] ioctl(4, LOOP_CLR_FD) = 0 [pid 6529] close(4) = 0 [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] memfd_create("syzkaller", 0) = 4 [pid 6529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6529] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6529] munmap(0x7f6d360cf000, 32768) = 0 [pid 6529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6529] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6529] ioctl(5, LOOP_CLR_FD) = 0 [pid 6529] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6529] close(5) = 0 [pid 6529] close(4) = 0 [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6529] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... futex resumed>) = 0 [pid 6528] <... futex resumed>) = 1 [pid 6529] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... openat resumed>) = 4 [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6528] <... futex resumed>) = 0 [pid 6529] <... write resumed>) = 12288 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6529] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... mmap resumed>) = 0x20000000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6529] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... openat resumed>) = 5 [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6529] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... futex resumed>) = 0 [pid 6528] <... futex resumed>) = 1 [pid 6529] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6528] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6529] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 145.335729][ T6529] loop0: detected capacity change from 0 to 64 [pid 6529] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6528] <... mmap resumed>) = 0x7f6d360b6000 [pid 6528] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6530 attached => {parent_tid=[6530]}, 88) = 6530 [pid 6530] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6528] rt_sigprocmask(SIG_SETMASK, [], [pid 6530] <... rseq resumed>) = 0 [pid 6528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6530] set_robust_list(0x7f6d360d69a0, 24 [pid 6528] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6530] <... set_robust_list resumed>) = 0 [pid 6528] <... futex resumed>) = 0 [pid 6530] rt_sigprocmask(SIG_SETMASK, [], [pid 6528] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6530] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6530] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6530] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6528] exit_group(0 [pid 6529] <... futex resumed>) = ? [pid 6530] <... futex resumed>) = ? [pid 6528] <... exit_group resumed>) = ? [pid 6530] +++ exited with 0 +++ [pid 6529] +++ exited with 0 +++ [pid 6528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6528, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./494", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./494/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./494/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./494/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./494/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./494/bus") = 0 umount2("./494/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./494/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./494") = 0 mkdir("./495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6531 attached , child_tidptr=0x5555564f6750) = 6531 [pid 6531] set_robust_list(0x5555564f6760, 24) = 0 [pid 6531] chdir("./495") = 0 [pid 6531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6531] setpgid(0, 0) = 0 [pid 6531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6531] write(3, "1000", 4) = 4 [pid 6531] close(3) = 0 [pid 6531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6531] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6532 attached [pid 6532] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6531] <... clone3 resumed> => {parent_tid=[6532]}, 88) = 6532 [pid 6532] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6531] rt_sigprocmask(SIG_SETMASK, [], [pid 6532] rt_sigprocmask(SIG_SETMASK, [], [pid 6531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] memfd_create("syzkaller", 0 [pid 6531] <... futex resumed>) = 0 [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6532] <... memfd_create resumed>) = 3 [pid 6532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6532] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6532] close(3) = 0 [pid 6532] mkdir("./bus", 0777) = 0 [pid 6532] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6532] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6532] chdir("./bus") = 0 [pid 6532] ioctl(4, LOOP_CLR_FD) = 0 [pid 6532] close(4) = 0 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] memfd_create("syzkaller", 0 [pid 6531] <... futex resumed>) = 0 [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6532] <... memfd_create resumed>) = 4 [pid 6532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6532] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6532] munmap(0x7f6d360cf000, 32768) = 0 [pid 6532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6532] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6532] ioctl(5, LOOP_CLR_FD) = 0 [pid 6532] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6532] close(5) = 0 [pid 6532] close(4) = 0 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6532] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = 0 [pid 6531] <... futex resumed>) = 1 [pid 6532] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... write resumed>) = 12288 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] <... futex resumed>) = 0 [pid 6532] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... mmap resumed>) = 0x20000000 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] <... futex resumed>) = 0 [pid 6532] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6531] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] <... futex resumed>) = 0 [pid 6532] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6531] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6531] <... futex resumed>) = 0 [pid 6531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6532] <... openat resumed>) = 6 [pid 6531] <... mmap resumed>) = 0x7f6d360b6000 [pid 6532] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6532] <... futex resumed>) = 0 [pid 6531] <... mprotect resumed>) = 0 [pid 6532] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6533 attached [pid 6533] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6531] <... clone3 resumed> => {parent_tid=[6533]}, 88) = 6533 [pid 6533] <... rseq resumed>) = 0 [pid 6533] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6531] rt_sigprocmask(SIG_SETMASK, [], [ 145.478107][ T6532] loop0: detected capacity change from 0 to 64 [pid 6533] rt_sigprocmask(SIG_SETMASK, [], [pid 6531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6531] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6533] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6531] <... futex resumed>) = 0 [pid 6533] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6531] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6533] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] exit_group(0 [pid 6532] <... futex resumed>) = ? [pid 6531] <... exit_group resumed>) = ? [pid 6533] <... futex resumed>) = ? [pid 6533] +++ exited with 0 +++ [pid 6532] +++ exited with 0 +++ [pid 6531] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6531, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./495", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./495/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./495/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./495/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./495/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./495/bus") = 0 umount2("./495/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./495/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./495") = 0 mkdir("./496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6534 attached , child_tidptr=0x5555564f6750) = 6534 [pid 6534] set_robust_list(0x5555564f6760, 24) = 0 [pid 6534] chdir("./496") = 0 [pid 6534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6534] setpgid(0, 0) = 0 [pid 6534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6534] write(3, "1000", 4) = 4 [pid 6534] close(3) = 0 [pid 6534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6534] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6535 attached [pid 6535] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6534] <... clone3 resumed> => {parent_tid=[6535]}, 88) = 6535 [pid 6535] <... rseq resumed>) = 0 [pid 6534] rt_sigprocmask(SIG_SETMASK, [], [pid 6535] set_robust_list(0x7f6d468e79a0, 24 [pid 6534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] <... set_robust_list resumed>) = 0 [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] rt_sigprocmask(SIG_SETMASK, [], [pid 6534] <... futex resumed>) = 0 [pid 6535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6535] memfd_create("syzkaller", 0) = 3 [pid 6535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6535] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6535] close(3) = 0 [pid 6535] mkdir("./bus", 0777) = 0 [pid 6535] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6535] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6535] chdir("./bus") = 0 [pid 6535] ioctl(4, LOOP_CLR_FD) = 0 [pid 6535] close(4) = 0 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] memfd_create("syzkaller", 0 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6535] <... memfd_create resumed>) = 4 [pid 6535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6535] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6535] munmap(0x7f6d360cf000, 32768) = 0 [pid 6535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6535] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6535] ioctl(5, LOOP_CLR_FD) = 0 [pid 6535] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6535] close(5) = 0 [pid 6535] close(4) = 0 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6535] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = 0 [pid 6534] <... futex resumed>) = 1 [pid 6535] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... openat resumed>) = 4 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6535] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6534] <... futex resumed>) = 0 [pid 6535] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... write resumed>) = 12288 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... futex resumed>) = 1 [pid 6535] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... futex resumed>) = 1 [pid 6535] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6535] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6534] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6534] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6535] <... futex resumed>) = 1 [pid 6535] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6535] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 6536 attached [pid 6536] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6534] <... clone3 resumed> => {parent_tid=[6536]}, 88) = 6536 [pid 6536] <... rseq resumed>) = 0 [ 145.630184][ T6535] loop0: detected capacity change from 0 to 64 [pid 6536] set_robust_list(0x7f6d360d69a0, 24 [pid 6535] <... openat resumed>) = 6 [pid 6534] rt_sigprocmask(SIG_SETMASK, [], [pid 6536] <... set_robust_list resumed>) = 0 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], [pid 6534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6534] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... futex resumed>) = 0 [pid 6535] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6536] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6536] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] <... futex resumed>) = 0 [pid 6536] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] exit_group(0 [pid 6535] <... futex resumed>) = ? [pid 6536] <... futex resumed>) = ? [pid 6534] <... exit_group resumed>) = ? [pid 6536] +++ exited with 0 +++ [pid 6535] +++ exited with 0 +++ [pid 6534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6534, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./496", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./496/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./496/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./496/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./496/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./496/bus") = 0 umount2("./496/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./496/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./496") = 0 mkdir("./497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6537 attached , child_tidptr=0x5555564f6750) = 6537 [pid 6537] set_robust_list(0x5555564f6760, 24) = 0 [pid 6537] chdir("./497") = 0 [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6537] setpgid(0, 0) = 0 [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6537] write(3, "1000", 4) = 4 [pid 6537] close(3) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6537] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6538 attached [pid 6538] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6537] <... clone3 resumed> => {parent_tid=[6538]}, 88) = 6538 [pid 6538] <... rseq resumed>) = 0 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6538] set_robust_list(0x7f6d468e79a0, 24 [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6538] <... set_robust_list resumed>) = 0 [pid 6538] rt_sigprocmask(SIG_SETMASK, [], [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6537] <... futex resumed>) = 0 [pid 6538] memfd_create("syzkaller", 0 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] <... memfd_create resumed>) = 3 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6538] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] mkdir("./bus", 0777) = 0 [pid 6538] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6538] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6538] chdir("./bus") = 0 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4) = 0 [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6538] memfd_create("syzkaller", 0 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] <... memfd_create resumed>) = 4 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6538] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6538] munmap(0x7f6d360cf000, 32768) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6538] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6538] ioctl(5, LOOP_CLR_FD) = 0 [pid 6538] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6538] close(5) = 0 [pid 6538] close(4) = 0 [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] <... futex resumed>) = 0 [pid 6538] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... openat resumed>) = 4 [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6538] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] <... futex resumed>) = 0 [pid 6538] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6537] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6538] <... openat resumed>) = 6 [pid 6537] <... mmap resumed>) = 0x7f6d360b6000 [pid 6537] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6538] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6539 attached => {parent_tid=[6539]}, 88) = 6539 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6537] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6539] set_robust_list(0x7f6d360d69a0, 24) = 0 [ 145.772725][ T6538] loop0: detected capacity change from 0 to 64 [pid 6539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6539] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6539] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6539] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] exit_group(0 [pid 6538] <... futex resumed>) = ? [pid 6539] <... futex resumed>) = ? [pid 6538] +++ exited with 0 +++ [pid 6539] +++ exited with 0 +++ [pid 6537] <... exit_group resumed>) = ? [pid 6537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./497", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./497/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./497/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./497/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./497/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./497/bus") = 0 umount2("./497/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./497/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./497") = 0 mkdir("./498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6540 attached , child_tidptr=0x5555564f6750) = 6540 [pid 6540] set_robust_list(0x5555564f6760, 24) = 0 [pid 6540] chdir("./498") = 0 [pid 6540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6540] setpgid(0, 0) = 0 [pid 6540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6540] write(3, "1000", 4) = 4 [pid 6540] close(3) = 0 [pid 6540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6540] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6541]}, 88) = 6541 ./strace-static-x86_64: Process 6541 attached [pid 6540] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6541] <... rseq resumed>) = 0 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] set_robust_list(0x7f6d468e79a0, 24 [pid 6540] <... futex resumed>) = 0 [pid 6541] <... set_robust_list resumed>) = 0 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6541] memfd_create("syzkaller", 0) = 3 [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6541] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6541] close(3) = 0 [pid 6541] mkdir("./bus", 0777) = 0 [pid 6541] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6541] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6541] chdir("./bus") = 0 [pid 6541] ioctl(4, LOOP_CLR_FD) = 0 [pid 6541] close(4) = 0 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6541] <... futex resumed>) = 1 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] memfd_create("syzkaller", 0 [pid 6540] <... futex resumed>) = 0 [pid 6541] <... memfd_create resumed>) = 4 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6541] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6541] munmap(0x7f6d360cf000, 32768) = 0 [pid 6541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6541] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6541] ioctl(5, LOOP_CLR_FD) = 0 [pid 6541] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6541] close(5) = 0 [pid 6541] close(4) = 0 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6541] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] <... futex resumed>) = 0 [pid 6540] <... futex resumed>) = 1 [pid 6541] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... openat resumed>) = 4 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] <... futex resumed>) = 1 [pid 6540] <... futex resumed>) = 0 [pid 6541] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... write resumed>) = 12288 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6541] <... futex resumed>) = 1 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... mmap resumed>) = 0x20000000 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6540] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6541] <... futex resumed>) = 1 [pid 6541] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6541] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6541] <... futex resumed>) = 1 [pid 6540] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6540] <... futex resumed>) = 0 [pid 6541] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6540] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] <... openat resumed>) = 6 [pid 6540] <... futex resumed>) = 0 [pid 6540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6541] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6542 attached [pid 6542] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6540] <... clone3 resumed> => {parent_tid=[6542]}, 88) = 6542 [pid 6542] <... rseq resumed>) = 0 [pid 6542] set_robust_list(0x7f6d360d69a0, 24 [pid 6540] rt_sigprocmask(SIG_SETMASK, [], [pid 6542] <... set_robust_list resumed>) = 0 [pid 6540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6542] rt_sigprocmask(SIG_SETMASK, [], [pid 6540] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6540] <... futex resumed>) = 0 [pid 6542] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6540] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6542] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6542] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = 0 [pid 6542] <... futex resumed>) = 1 [pid 6542] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6540] exit_group(0 [pid 6542] <... futex resumed>) = ? [pid 6541] <... futex resumed>) = ? [pid 6542] +++ exited with 0 +++ [pid 6541] +++ exited with 0 +++ [pid 6540] <... exit_group resumed>) = ? [pid 6540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6540, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./498", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 145.889055][ T6541] loop0: detected capacity change from 0 to 64 umount2("./498/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./498/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./498/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./498/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./498/bus") = 0 umount2("./498/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./498/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./498") = 0 mkdir("./499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6543 attached , child_tidptr=0x5555564f6750) = 6543 [pid 6543] set_robust_list(0x5555564f6760, 24) = 0 [pid 6543] chdir("./499") = 0 [pid 6543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6543] setpgid(0, 0) = 0 [pid 6543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6543] write(3, "1000", 4) = 4 [pid 6543] close(3) = 0 [pid 6543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6543] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6544]}, 88) = 6544 ./strace-static-x86_64: Process 6544 attached [pid 6544] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6544] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6544] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = 0 [pid 6543] <... futex resumed>) = 1 [pid 6544] memfd_create("syzkaller", 0 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] <... memfd_create resumed>) = 3 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6544] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6544] close(3) = 0 [pid 6544] mkdir("./bus", 0777) = 0 [pid 6544] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6544] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6544] chdir("./bus") = 0 [pid 6544] ioctl(4, LOOP_CLR_FD) = 0 [pid 6544] close(4) = 0 [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6544] memfd_create("syzkaller", 0 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] <... memfd_create resumed>) = 4 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6544] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6544] munmap(0x7f6d360cf000, 32768) = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6544] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6544] ioctl(5, LOOP_CLR_FD) = 0 [pid 6544] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6544] close(5) = 0 [pid 6544] close(4) = 0 [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] <... futex resumed>) = 1 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] <... futex resumed>) = 1 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6544] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6543] <... futex resumed>) = 0 [pid 6544] <... mmap resumed>) = 0x20000000 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6543] <... futex resumed>) = 0 [pid 6544] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6543] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] <... openat resumed>) = 5 [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6543] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6545 attached [pid 6545] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [ 146.007907][ T6544] loop0: detected capacity change from 0 to 64 [pid 6543] <... clone3 resumed> => {parent_tid=[6545]}, 88) = 6545 [pid 6545] <... rseq resumed>) = 0 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], [pid 6545] set_robust_list(0x7f6d360d69a0, 24 [pid 6543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6545] <... set_robust_list resumed>) = 0 [pid 6543] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6545] rt_sigprocmask(SIG_SETMASK, [], [pid 6543] <... futex resumed>) = 0 [pid 6545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6544] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6543] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6545] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6544] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6545] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... futex resumed>) = 0 [pid 6545] <... futex resumed>) = 1 [pid 6545] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6544] <... openat resumed>) = 6 [pid 6544] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] exit_group(0 [pid 6544] <... futex resumed>) = ? [pid 6545] <... futex resumed>) = ? [pid 6544] +++ exited with 0 +++ [pid 6543] <... exit_group resumed>) = ? [pid 6545] +++ exited with 0 +++ [pid 6543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6543, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./499", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./499/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./499/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./499/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./499/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./499/bus") = 0 umount2("./499/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./499/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./499") = 0 mkdir("./500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6546 attached [pid 6546] set_robust_list(0x5555564f6760, 24) = 0 [pid 6546] chdir("./500") = 0 [pid 6546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6546] setpgid(0, 0) = 0 [pid 6546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6546] write(3, "1000", 4) = 4 [pid 6546] close(3) = 0 [pid 6546] symlink("/dev/binderfs", "./binderfs" [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6546 [pid 6546] <... symlink resumed>) = 0 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6546] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6547 attached => {parent_tid=[6547]}, 88) = 6547 [pid 6547] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6547] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6547] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6547] <... futex resumed>) = 0 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6547] memfd_create("syzkaller", 0) = 3 [pid 6547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6547] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6547] close(3) = 0 [pid 6547] mkdir("./bus", 0777) = 0 [pid 6547] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6547] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6547] chdir("./bus") = 0 [pid 6547] ioctl(4, LOOP_CLR_FD) = 0 [pid 6547] close(4) = 0 [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] <... futex resumed>) = 1 [pid 6546] <... futex resumed>) = 0 [pid 6547] memfd_create("syzkaller", 0 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6547] <... memfd_create resumed>) = 4 [pid 6547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6547] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6547] munmap(0x7f6d360cf000, 32768) = 0 [pid 6547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6547] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6547] ioctl(5, LOOP_CLR_FD) = 0 [pid 6547] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6547] close(5) = 0 [pid 6547] close(4) = 0 [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6547] <... futex resumed>) = 1 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6546] <... futex resumed>) = 0 [pid 6547] <... openat resumed>) = 4 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... futex resumed>) = 1 [pid 6547] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6547] <... futex resumed>) = 1 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... mmap resumed>) = 0x20000000 [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6547] <... futex resumed>) = 1 [pid 6546] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6547] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6547] <... futex resumed>) = 1 [pid 6546] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6547] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6546] <... futex resumed>) = 0 [pid 6547] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6546] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6547] <... openat resumed>) = 6 [pid 6546] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6548 attached [pid 6547] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... clone3 resumed> => {parent_tid=[6548]}, 88) = 6548 [pid 6548] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6547] <... futex resumed>) = 0 [pid 6546] rt_sigprocmask(SIG_SETMASK, [], [pid 6547] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6546] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] <... rseq resumed>) = 0 [pid 6548] set_robust_list(0x7f6d360d69a0, 24 [pid 6546] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6548] <... set_robust_list resumed>) = 0 [pid 6548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6548] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6548] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6546] <... futex resumed>) = 0 [pid 6548] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6546] exit_group(0 [pid 6547] <... futex resumed>) = ? [pid 6548] <... futex resumed>) = ? [pid 6546] <... exit_group resumed>) = ? [pid 6548] +++ exited with 0 +++ [pid 6547] +++ exited with 0 +++ [pid 6546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6546, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./500", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 146.149472][ T6547] loop0: detected capacity change from 0 to 64 umount2("./500/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./500/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./500/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./500/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./500/bus") = 0 umount2("./500/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./500/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./500") = 0 mkdir("./501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6549 attached [pid 6549] set_robust_list(0x5555564f6760, 24 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6549 [pid 6549] <... set_robust_list resumed>) = 0 [pid 6549] chdir("./501") = 0 [pid 6549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6549] setpgid(0, 0) = 0 [pid 6549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6549] write(3, "1000", 4) = 4 [pid 6549] close(3) = 0 [pid 6549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6549] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6550 attached => {parent_tid=[6550]}, 88) = 6550 [pid 6550] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6550] <... rseq resumed>) = 0 [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] set_robust_list(0x7f6d468e79a0, 24 [pid 6549] <... futex resumed>) = 0 [pid 6550] <... set_robust_list resumed>) = 0 [pid 6550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6550] memfd_create("syzkaller", 0) = 3 [pid 6550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6550] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6550] close(3) = 0 [pid 6550] mkdir("./bus", 0777) = 0 [pid 6550] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6550] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6550] chdir("./bus") = 0 [pid 6550] ioctl(4, LOOP_CLR_FD) = 0 [pid 6550] close(4) = 0 [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6549] <... futex resumed>) = 0 [pid 6550] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6549] <... futex resumed>) = 0 [pid 6550] memfd_create("syzkaller", 0 [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6550] <... memfd_create resumed>) = 4 [pid 6550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6550] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6550] munmap(0x7f6d360cf000, 32768) = 0 [pid 6550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6550] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6550] ioctl(5, LOOP_CLR_FD) = 0 [pid 6550] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6550] close(5) = 0 [pid 6550] close(4) = 0 [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6550] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... futex resumed>) = 0 [pid 6550] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6549] <... futex resumed>) = 1 [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... futex resumed>) = 1 [pid 6550] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... futex resumed>) = 1 [pid 6549] <... futex resumed>) = 0 [pid 6550] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... mmap resumed>) = 0x20000000 [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6550] <... futex resumed>) = 1 [pid 6550] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6550] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6549] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6550] <... futex resumed>) = 1 [pid 6550] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6549] <... futex resumed>) = 0 [pid 6550] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6549] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6549] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6550] <... openat resumed>) = 6 [pid 6550] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6550] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] <... mprotect resumed>) = 0 [pid 6549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6551 attached [pid 6551] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6551] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 146.292973][ T6550] loop0: detected capacity change from 0 to 64 [pid 6551] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] <... clone3 resumed> => {parent_tid=[6551]}, 88) = 6551 [pid 6549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6549] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6549] <... futex resumed>) = 1 [pid 6551] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6549] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6551] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6551] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6549] exit_group(0 [pid 6551] <... futex resumed>) = 1 [pid 6551] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] <... exit_group resumed>) = ? [pid 6550] <... futex resumed>) = ? [pid 6551] <... futex resumed>) = ? [pid 6550] +++ exited with 0 +++ [pid 6551] +++ exited with 0 +++ [pid 6549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6549, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./501/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./501/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./501/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./501/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./501/bus") = 0 umount2("./501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./501/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./501") = 0 mkdir("./502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6552 attached , child_tidptr=0x5555564f6750) = 6552 [pid 6552] set_robust_list(0x5555564f6760, 24) = 0 [pid 6552] chdir("./502") = 0 [pid 6552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6552] setpgid(0, 0) = 0 [pid 6552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6552] write(3, "1000", 4) = 4 [pid 6552] close(3) = 0 [pid 6552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6552] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6553 attached => {parent_tid=[6553]}, 88) = 6553 [pid 6552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6553] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] <... rseq resumed>) = 0 [pid 6553] set_robust_list(0x7f6d468e79a0, 24 [pid 6552] <... futex resumed>) = 0 [pid 6553] <... set_robust_list resumed>) = 0 [pid 6553] rt_sigprocmask(SIG_SETMASK, [], [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6553] memfd_create("syzkaller", 0) = 3 [pid 6553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6553] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6553] close(3) = 0 [pid 6553] mkdir("./bus", 0777) = 0 [pid 6553] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6553] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6553] chdir("./bus") = 0 [pid 6553] ioctl(4, LOOP_CLR_FD) = 0 [pid 6553] close(4) = 0 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6553] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] <... futex resumed>) = 0 [pid 6552] <... futex resumed>) = 1 [pid 6553] memfd_create("syzkaller", 0 [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6553] <... memfd_create resumed>) = 4 [pid 6553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6553] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6553] munmap(0x7f6d360cf000, 32768) = 0 [pid 6553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6553] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6553] ioctl(5, LOOP_CLR_FD) = 0 [pid 6553] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6553] close(5) = 0 [pid 6553] close(4) = 0 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] <... futex resumed>) = 1 [pid 6553] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] <... futex resumed>) = 1 [pid 6553] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] <... futex resumed>) = 1 [pid 6553] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6552] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6552] <... futex resumed>) = 0 [pid 6553] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6552] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6552] <... futex resumed>) = 0 [ 146.419060][ T6553] loop0: detected capacity change from 0 to 64 [pid 6553] <... futex resumed>) = 0 [pid 6552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6553] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6552] <... mmap resumed>) = 0x7f6d360b6000 [pid 6552] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6554 attached [pid 6554] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6552] <... clone3 resumed> => {parent_tid=[6554]}, 88) = 6554 [pid 6554] set_robust_list(0x7f6d360d69a0, 24 [pid 6552] rt_sigprocmask(SIG_SETMASK, [], [pid 6554] <... set_robust_list resumed>) = 0 [pid 6552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6554] rt_sigprocmask(SIG_SETMASK, [], [pid 6552] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6552] <... futex resumed>) = 0 [pid 6554] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6552] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6554] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6554] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6552] <... futex resumed>) = 0 [pid 6554] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6552] exit_group(0 [pid 6553] <... futex resumed>) = ? [pid 6552] <... exit_group resumed>) = ? [pid 6554] <... futex resumed>) = ? [pid 6553] +++ exited with 0 +++ [pid 6554] +++ exited with 0 +++ [pid 6552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6552, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./502/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./502/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./502/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./502/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./502/bus") = 0 umount2("./502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./502/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./502") = 0 mkdir("./503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6555 ./strace-static-x86_64: Process 6555 attached [pid 6555] set_robust_list(0x5555564f6760, 24) = 0 [pid 6555] chdir("./503") = 0 [pid 6555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6555] setpgid(0, 0) = 0 [pid 6555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6555] write(3, "1000", 4) = 4 [pid 6555] close(3) = 0 [pid 6555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6555] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6556 attached => {parent_tid=[6556]}, 88) = 6556 [pid 6556] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6555] rt_sigprocmask(SIG_SETMASK, [], [pid 6556] set_robust_list(0x7f6d468e79a0, 24 [pid 6555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] <... set_robust_list resumed>) = 0 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6556] memfd_create("syzkaller", 0) = 3 [pid 6556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6556] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6556] close(3) = 0 [pid 6556] mkdir("./bus", 0777) = 0 [pid 6556] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6556] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6556] chdir("./bus") = 0 [pid 6556] ioctl(4, LOOP_CLR_FD) = 0 [pid 6556] close(4) = 0 [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] <... futex resumed>) = 0 [pid 6556] memfd_create("syzkaller", 0 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6556] <... memfd_create resumed>) = 4 [pid 6556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6556] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6556] munmap(0x7f6d360cf000, 32768) = 0 [pid 6556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6556] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6556] ioctl(5, LOOP_CLR_FD) = 0 [pid 6556] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6556] close(5) = 0 [pid 6556] close(4) = 0 [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... futex resumed>) = 1 [pid 6556] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6555] <... futex resumed>) = 1 [pid 6556] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... write resumed>) = 12288 [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... futex resumed>) = 1 [pid 6556] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6556] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6555] <... futex resumed>) = 0 [pid 6556] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6555] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6555] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6556] <... openat resumed>) = 6 [pid 6555] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6556] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6557 attached [pid 6557] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6557] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6557] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6556] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] <... clone3 resumed> => {parent_tid=[6557]}, 88) = 6557 [pid 6555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6555] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... futex resumed>) = 0 [pid 6555] <... futex resumed>) = 1 [ 146.549446][ T6556] loop0: detected capacity change from 0 to 64 [pid 6557] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6555] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6557] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6557] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] exit_group(0 [pid 6557] <... futex resumed>) = ? [pid 6556] <... futex resumed>) = ? [pid 6555] <... exit_group resumed>) = ? [pid 6557] +++ exited with 0 +++ [pid 6556] +++ exited with 0 +++ [pid 6555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6555, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./503/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./503/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./503/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./503/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./503/bus") = 0 umount2("./503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./503/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./503") = 0 mkdir("./504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6558 attached , child_tidptr=0x5555564f6750) = 6558 [pid 6558] set_robust_list(0x5555564f6760, 24) = 0 [pid 6558] chdir("./504") = 0 [pid 6558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6558] setpgid(0, 0) = 0 [pid 6558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6558] write(3, "1000", 4) = 4 [pid 6558] close(3) = 0 [pid 6558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6558] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6559 attached [pid 6559] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6558] <... clone3 resumed> => {parent_tid=[6559]}, 88) = 6559 [pid 6559] set_robust_list(0x7f6d468e79a0, 24 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], [pid 6559] <... set_robust_list resumed>) = 0 [pid 6558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6559] rt_sigprocmask(SIG_SETMASK, [], [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6558] <... futex resumed>) = 0 [pid 6559] memfd_create("syzkaller", 0 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6559] <... memfd_create resumed>) = 3 [pid 6559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6559] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6559] close(3) = 0 [pid 6559] mkdir("./bus", 0777) = 0 [pid 6559] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6559] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6559] chdir("./bus") = 0 [pid 6559] ioctl(4, LOOP_CLR_FD) = 0 [pid 6559] close(4) = 0 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... futex resumed>) = 0 [pid 6559] <... futex resumed>) = 1 [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] memfd_create("syzkaller", 0 [pid 6558] <... futex resumed>) = 0 [pid 6559] <... memfd_create resumed>) = 4 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6559] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6559] munmap(0x7f6d360cf000, 32768) = 0 [pid 6559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6559] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6559] ioctl(5, LOOP_CLR_FD) = 0 [pid 6559] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6559] close(5) = 0 [pid 6559] close(4) = 0 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6559] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] <... futex resumed>) = 0 [pid 6559] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] <... futex resumed>) = 1 [pid 6559] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] <... write resumed>) = 12288 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... futex resumed>) = 0 [pid 6559] <... futex resumed>) = 1 [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] <... mmap resumed>) = 0x20000000 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6559] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6558] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] <... openat resumed>) = 5 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6559] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6558] <... futex resumed>) = 0 [pid 6559] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6559] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6558] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] <... openat resumed>) = 6 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6559] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] <... mmap resumed>) = 0x7f6d360b6000 [pid 6559] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6560 attached => {parent_tid=[6560]}, 88) = 6560 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6558] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6560] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [ 146.649475][ T6559] loop0: detected capacity change from 0 to 64 [pid 6560] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6560] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6560] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... futex resumed>) = 0 [pid 6558] exit_group(0) = ? [pid 6559] <... futex resumed>) = ? [pid 6559] +++ exited with 0 +++ [pid 6560] <... futex resumed>) = ? [pid 6560] +++ exited with 0 +++ [pid 6558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6558, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./504/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./504/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./504/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./504/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./504/bus") = 0 umount2("./504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./504/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6561 attached , child_tidptr=0x5555564f6750) = 6561 [pid 6561] set_robust_list(0x5555564f6760, 24) = 0 [pid 6561] chdir("./505") = 0 [pid 6561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6561] setpgid(0, 0) = 0 [pid 6561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6561] write(3, "1000", 4) = 4 [pid 6561] close(3) = 0 [pid 6561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6561] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6561] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6562]}, 88) = 6562 [pid 6561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6562 attached [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6562] <... rseq resumed>) = 0 [pid 6562] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6562] memfd_create("syzkaller", 0) = 3 [pid 6562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6562] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6562] close(3) = 0 [pid 6562] mkdir("./bus", 0777) = 0 [pid 6562] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6562] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6562] chdir("./bus") = 0 [pid 6562] ioctl(4, LOOP_CLR_FD) = 0 [pid 6562] close(4) = 0 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] <... futex resumed>) = 0 [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6562] <... futex resumed>) = 0 [pid 6562] memfd_create("syzkaller", 0) = 4 [pid 6562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6562] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6562] munmap(0x7f6d360cf000, 32768) = 0 [pid 6562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6562] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6562] ioctl(5, LOOP_CLR_FD) = 0 [pid 6562] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6562] close(5) = 0 [pid 6562] close(4) = 0 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 146.778241][ T6562] loop0: detected capacity change from 0 to 64 [pid 6562] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = 0 [pid 6561] <... futex resumed>) = 1 [pid 6562] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... write resumed>) = 12288 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] <... futex resumed>) = 0 [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = 0 [pid 6561] <... futex resumed>) = 1 [pid 6562] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] <... mmap resumed>) = 0x20000000 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] <... futex resumed>) = 0 [pid 6562] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6561] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6562] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] <... futex resumed>) = 0 [pid 6562] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6561] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6561] <... futex resumed>) = 0 [pid 6561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6562] <... openat resumed>) = 6 [pid 6561] <... mmap resumed>) = 0x7f6d360b6000 [pid 6562] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6562] <... futex resumed>) = 0 [pid 6562] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] <... mprotect resumed>) = 0 [pid 6561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6563 attached [pid 6563] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6561] <... clone3 resumed> => {parent_tid=[6563]}, 88) = 6563 [pid 6563] <... rseq resumed>) = 0 [pid 6563] set_robust_list(0x7f6d360d69a0, 24 [pid 6561] rt_sigprocmask(SIG_SETMASK, [], [pid 6563] <... set_robust_list resumed>) = 0 [pid 6563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6563] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] <... futex resumed>) = 0 [pid 6563] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6561] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6563] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6563] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6561] <... futex resumed>) = 0 [pid 6563] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] exit_group(0) = ? [pid 6562] <... futex resumed>) = ? [pid 6563] <... futex resumed>) = ? [pid 6562] +++ exited with 0 +++ [pid 6563] +++ exited with 0 +++ [pid 6561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6561, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./505/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./505/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./505/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./505/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./505/bus") = 0 umount2("./505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./505/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6564 attached , child_tidptr=0x5555564f6750) = 6564 [pid 6564] set_robust_list(0x5555564f6760, 24) = 0 [pid 6564] chdir("./506") = 0 [pid 6564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6564] setpgid(0, 0) = 0 [pid 6564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6564] write(3, "1000", 4) = 4 [pid 6564] close(3) = 0 [pid 6564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6564] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6565 attached => {parent_tid=[6565]}, 88) = 6565 [pid 6564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6565] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6565] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6565] memfd_create("syzkaller", 0) = 3 [pid 6565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6565] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6565] close(3) = 0 [pid 6565] mkdir("./bus", 0777) = 0 [pid 6565] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6565] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6565] chdir("./bus") = 0 [pid 6565] ioctl(4, LOOP_CLR_FD) = 0 [pid 6565] close(4) = 0 [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] memfd_create("syzkaller", 0 [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... memfd_create resumed>) = 4 [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6565] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6565] munmap(0x7f6d360cf000, 32768) = 0 [pid 6565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6565] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6565] ioctl(5, LOOP_CLR_FD) = 0 [pid 6565] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6565] close(5) = 0 [pid 6565] close(4) = 0 [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... openat resumed>) = 4 [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] <... futex resumed>) = 1 [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] <... futex resumed>) = 0 [pid 6565] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] <... mmap resumed>) = 0x20000000 [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6565] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6564] <... futex resumed>) = 0 [pid 6565] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6564] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6564] <... futex resumed>) = 0 [pid 6565] <... futex resumed>) = 1 [pid 6564] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6564] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6565] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6564] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6565] <... openat resumed>) = 6 [ 146.922849][ T6565] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 6566 attached [pid 6566] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6564] <... clone3 resumed> => {parent_tid=[6566]}, 88) = 6566 [pid 6566] <... rseq resumed>) = 0 [pid 6565] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6564] rt_sigprocmask(SIG_SETMASK, [], [pid 6565] <... futex resumed>) = 0 [pid 6564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6565] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6566] set_robust_list(0x7f6d360d69a0, 24 [pid 6564] <... futex resumed>) = 0 [pid 6566] <... set_robust_list resumed>) = 0 [pid 6566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6564] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6566] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6566] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] <... futex resumed>) = 0 [pid 6564] exit_group(0 [pid 6566] <... futex resumed>) = ? [pid 6565] <... futex resumed>) = ? [pid 6564] <... exit_group resumed>) = ? [pid 6566] +++ exited with 0 +++ [pid 6565] +++ exited with 0 +++ [pid 6564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6564, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./506/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./506/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./506/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./506/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./506/bus") = 0 umount2("./506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./506/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6567 ./strace-static-x86_64: Process 6567 attached [pid 6567] set_robust_list(0x5555564f6760, 24) = 0 [pid 6567] chdir("./507") = 0 [pid 6567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6567] setpgid(0, 0) = 0 [pid 6567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6567] write(3, "1000", 4) = 4 [pid 6567] close(3) = 0 [pid 6567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6567] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6567] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6568]}, 88) = 6568 [pid 6567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6568 attached [pid 6568] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6568] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6568] memfd_create("syzkaller", 0) = 3 [pid 6568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6568] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6568] close(3) = 0 [pid 6568] mkdir("./bus", 0777) = 0 [pid 6568] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6568] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6568] chdir("./bus") = 0 [pid 6568] ioctl(4, LOOP_CLR_FD) = 0 [pid 6568] close(4) = 0 [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6568] memfd_create("syzkaller", 0) = 4 [pid 6568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6568] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6568] munmap(0x7f6d360cf000, 32768) = 0 [pid 6568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6568] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6568] ioctl(5, LOOP_CLR_FD) = 0 [pid 6568] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6568] close(5) = 0 [pid 6568] close(4) = 0 [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6568] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] <... write resumed>) = 12288 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] <... mmap resumed>) = 0x20000000 [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6568] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 147.044635][ T6568] loop0: detected capacity change from 0 to 64 [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6567] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6567] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6567] <... futex resumed>) = 0 [pid 6568] <... openat resumed>) = 6 [pid 6567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6568] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] <... mmap resumed>) = 0x7f6d360b6000 [pid 6567] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6569 attached => {parent_tid=[6569]}, 88) = 6569 [pid 6569] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6569] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6567] rt_sigprocmask(SIG_SETMASK, [], [pid 6569] rt_sigprocmask(SIG_SETMASK, [], [pid 6567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6567] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6569] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6569] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] <... futex resumed>) = 0 [pid 6569] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] exit_group(0 [pid 6569] <... futex resumed>) = ? [pid 6569] +++ exited with 0 +++ [pid 6568] <... futex resumed>) = ? [pid 6567] <... exit_group resumed>) = ? [pid 6568] +++ exited with 0 +++ [pid 6567] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6567, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./507/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./507/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./507/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./507/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./507/bus") = 0 umount2("./507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./507/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6570 attached , child_tidptr=0x5555564f6750) = 6570 [pid 6570] set_robust_list(0x5555564f6760, 24) = 0 [pid 6570] chdir("./508") = 0 [pid 6570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6570] setpgid(0, 0) = 0 [pid 6570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6570] write(3, "1000", 4) = 4 [pid 6570] close(3) = 0 [pid 6570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6570] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6571 attached => {parent_tid=[6571]}, 88) = 6571 [pid 6570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6571] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6571] rt_sigprocmask(SIG_SETMASK, [], [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6571] memfd_create("syzkaller", 0) = 3 [pid 6571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6571] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6571] close(3) = 0 [pid 6571] mkdir("./bus", 0777) = 0 [pid 6571] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6571] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6571] chdir("./bus") = 0 [pid 6571] ioctl(4, LOOP_CLR_FD) = 0 [pid 6571] close(4) = 0 [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6571] <... futex resumed>) = 1 [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6571] memfd_create("syzkaller", 0 [pid 6570] <... futex resumed>) = 0 [pid 6571] <... memfd_create resumed>) = 4 [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6571] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6571] munmap(0x7f6d360cf000, 32768) = 0 [pid 6571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6571] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6571] ioctl(5, LOOP_CLR_FD) = 0 [pid 6571] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6571] close(5) = 0 [pid 6571] close(4) = 0 [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6571] <... futex resumed>) = 1 [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] <... openat resumed>) = 4 [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] <... futex resumed>) = 1 [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] <... futex resumed>) = 1 [pid 6571] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [ 147.201821][ T6571] loop0: detected capacity change from 0 to 64 [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6571] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6570] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6571] <... openat resumed>) = 5 [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6570] <... futex resumed>) = 0 [pid 6570] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6571] <... futex resumed>) = 1 [pid 6570] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6571] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6570] <... futex resumed>) = 0 [pid 6571] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6571] <... openat resumed>) = 6 [pid 6570] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6570] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6571] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6571] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6572 attached => {parent_tid=[6572]}, 88) = 6572 [pid 6570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6570] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6572] set_robust_list(0x7f6d360d69a0, 24 [pid 6570] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6572] <... set_robust_list resumed>) = 0 [pid 6572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6572] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6572] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6572] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6570] exit_group(0 [pid 6571] <... futex resumed>) = ? [pid 6572] <... futex resumed>) = ? [pid 6571] +++ exited with 0 +++ [pid 6570] <... exit_group resumed>) = ? [pid 6572] +++ exited with 0 +++ [pid 6570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6570, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./508/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./508/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./508/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./508/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./508/bus") = 0 umount2("./508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./508/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6573 attached , child_tidptr=0x5555564f6750) = 6573 [pid 6573] set_robust_list(0x5555564f6760, 24) = 0 [pid 6573] chdir("./509") = 0 [pid 6573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6573] setpgid(0, 0) = 0 [pid 6573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6573] write(3, "1000", 4) = 4 [pid 6573] close(3) = 0 [pid 6573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6573] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6574 attached [pid 6574] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6573] <... clone3 resumed> => {parent_tid=[6574]}, 88) = 6574 [pid 6574] set_robust_list(0x7f6d468e79a0, 24 [pid 6573] rt_sigprocmask(SIG_SETMASK, [], [pid 6574] <... set_robust_list resumed>) = 0 [pid 6573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6574] rt_sigprocmask(SIG_SETMASK, [], [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6574] memfd_create("syzkaller", 0) = 3 [pid 6574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6574] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6574] close(3) = 0 [pid 6574] mkdir("./bus", 0777) = 0 [pid 6574] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6574] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6574] chdir("./bus") = 0 [pid 6574] ioctl(4, LOOP_CLR_FD) = 0 [pid 6574] close(4) = 0 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6574] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6574] memfd_create("syzkaller", 0 [pid 6573] <... futex resumed>) = 0 [pid 6574] <... memfd_create resumed>) = 4 [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6574] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6574] munmap(0x7f6d360cf000, 32768) = 0 [pid 6574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6574] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6574] ioctl(5, LOOP_CLR_FD) = 0 [pid 6574] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6574] close(5) = 0 [pid 6574] close(4) = 0 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] <... futex resumed>) = 0 [pid 6574] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] <... futex resumed>) = 1 [pid 6574] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] <... futex resumed>) = 0 [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6574] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] <... mmap resumed>) = 0x20000000 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6574] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6573] <... futex resumed>) = 0 [pid 6574] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6573] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6574] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6573] <... futex resumed>) = 0 [pid 6574] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6573] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6573] <... futex resumed>) = 0 [pid 6573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6574] <... openat resumed>) = 6 [pid 6573] <... mmap resumed>) = 0x7f6d360b6000 [pid 6574] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6573] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] <... mprotect resumed>) = 0 [pid 6573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6575 attached => {parent_tid=[6575]}, 88) = 6575 [pid 6575] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6573] rt_sigprocmask(SIG_SETMASK, [], [pid 6575] <... rseq resumed>) = 0 [pid 6575] set_robust_list(0x7f6d360d69a0, 24 [pid 6573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6575] <... set_robust_list resumed>) = 0 [pid 6573] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6575] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6575] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6573] <... futex resumed>) = 0 [pid 6575] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] exit_group(0 [pid 6575] <... futex resumed>) = ? [pid 6574] <... futex resumed>) = ? [pid 6573] <... exit_group resumed>) = ? [pid 6574] +++ exited with 0 +++ [ 147.333886][ T6574] loop0: detected capacity change from 0 to 64 [pid 6575] +++ exited with 0 +++ [pid 6573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6573, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./509/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./509/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./509/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./509/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./509/bus") = 0 umount2("./509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./509/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6576 attached , child_tidptr=0x5555564f6750) = 6576 [pid 6576] set_robust_list(0x5555564f6760, 24) = 0 [pid 6576] chdir("./510") = 0 [pid 6576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6576] setpgid(0, 0) = 0 [pid 6576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6576] write(3, "1000", 4) = 4 [pid 6576] close(3) = 0 [pid 6576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6576] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6577 attached [pid 6577] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6577] set_robust_list(0x7f6d468e79a0, 24 [pid 6576] <... clone3 resumed> => {parent_tid=[6577]}, 88) = 6577 [pid 6577] <... set_robust_list resumed>) = 0 [pid 6577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6577] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = 0 [pid 6576] <... futex resumed>) = 1 [pid 6577] memfd_create("syzkaller", 0) = 3 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6577] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6577] close(3) = 0 [pid 6577] mkdir("./bus", 0777) = 0 [pid 6577] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6577] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6577] chdir("./bus") = 0 [pid 6577] ioctl(4, LOOP_CLR_FD) = 0 [pid 6577] close(4) = 0 [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = 0 [pid 6576] <... futex resumed>) = 1 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6577] memfd_create("syzkaller", 0) = 4 [pid 6577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6577] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6577] munmap(0x7f6d360cf000, 32768) = 0 [pid 6577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6577] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6577] ioctl(5, LOOP_CLR_FD) = 0 [pid 6577] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6577] close(5) = 0 [pid 6577] close(4) = 0 [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... futex resumed>) = 1 [pid 6577] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = 0 [pid 6577] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6576] <... futex resumed>) = 1 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... futex resumed>) = 1 [pid 6577] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... futex resumed>) = 1 [pid 6577] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6577] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6576] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6576] <... futex resumed>) = 0 [pid 6577] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6576] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6577] <... openat resumed>) = 6 [pid 6576] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6577] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6577] <... futex resumed>) = 0 [pid 6577] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6578 attached => {parent_tid=[6578]}, 88) = 6578 [pid 6578] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6576] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] <... rseq resumed>) = 0 [pid 6578] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6578] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6578] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [pid 6576] exit_group(0 [pid 6578] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6577] <... futex resumed>) = ? [pid 6578] +++ exited with 0 +++ [pid 6576] <... exit_group resumed>) = ? [pid 6577] +++ exited with 0 +++ [pid 6576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6576, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 147.510400][ T6577] loop0: detected capacity change from 0 to 64 umount2("./510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./510/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./510/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./510/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./510/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./510/bus") = 0 umount2("./510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./510/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6579 attached , child_tidptr=0x5555564f6750) = 6579 [pid 6579] set_robust_list(0x5555564f6760, 24) = 0 [pid 6579] chdir("./511") = 0 [pid 6579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6579] setpgid(0, 0) = 0 [pid 6579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6579] write(3, "1000", 4) = 4 [pid 6579] close(3) = 0 [pid 6579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6579] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6580 attached [pid 6580] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6579] <... clone3 resumed> => {parent_tid=[6580]}, 88) = 6580 [pid 6580] <... rseq resumed>) = 0 [pid 6579] rt_sigprocmask(SIG_SETMASK, [], [pid 6580] set_robust_list(0x7f6d468e79a0, 24 [pid 6579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6580] <... set_robust_list resumed>) = 0 [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6580] memfd_create("syzkaller", 0) = 3 [pid 6580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6580] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6580] close(3) = 0 [pid 6580] mkdir("./bus", 0777) = 0 [pid 6580] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6580] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6580] chdir("./bus") = 0 [pid 6580] ioctl(4, LOOP_CLR_FD) = 0 [pid 6580] close(4) = 0 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6580] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6580] <... futex resumed>) = 0 [pid 6580] memfd_create("syzkaller", 0) = 4 [pid 6580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6580] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6580] munmap(0x7f6d360cf000, 32768) = 0 [pid 6580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6580] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6580] ioctl(5, LOOP_CLR_FD) = 0 [pid 6580] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6580] close(5) = 0 [pid 6580] close(4) = 0 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] <... futex resumed>) = 0 [pid 6580] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6579] <... futex resumed>) = 0 [pid 6580] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... openat resumed>) = 4 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6580] <... futex resumed>) = 1 [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6579] <... futex resumed>) = 0 [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... write resumed>) = 12288 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] <... futex resumed>) = 0 [pid 6580] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6579] <... futex resumed>) = 0 [pid 6580] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... mmap resumed>) = 0x20000000 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] <... futex resumed>) = 0 [pid 6580] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6579] <... futex resumed>) = 0 [pid 6580] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6579] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 147.653139][ T6580] loop0: detected capacity change from 0 to 64 [pid 6580] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = 0 [pid 6580] <... futex resumed>) = 1 [pid 6579] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6579] <... futex resumed>) = 0 [pid 6580] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6579] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] <... openat resumed>) = 6 [pid 6579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6580] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6579] <... mmap resumed>) = 0x7f6d360b6000 [pid 6580] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6581 attached [pid 6581] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6581] set_robust_list(0x7f6d360d69a0, 24 [pid 6579] <... clone3 resumed> => {parent_tid=[6581]}, 88) = 6581 [pid 6581] <... set_robust_list resumed>) = 0 [pid 6579] rt_sigprocmask(SIG_SETMASK, [], [pid 6581] rt_sigprocmask(SIG_SETMASK, [], [pid 6579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6579] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6579] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6581] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6579] exit_group(0 [pid 6580] <... futex resumed>) = ? [pid 6581] <... futex resumed>) = ? [pid 6580] +++ exited with 0 +++ [pid 6581] +++ exited with 0 +++ [pid 6579] <... exit_group resumed>) = ? [pid 6579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6579, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./511/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./511/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./511/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./511/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./511/bus") = 0 umount2("./511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./511/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6582 attached [pid 6582] set_robust_list(0x5555564f6760, 24) = 0 [pid 6582] chdir("./512") = 0 [pid 6582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6582] setpgid(0, 0) = 0 [pid 6582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6582 [pid 6582] <... openat resumed>) = 3 [pid 6582] write(3, "1000", 4) = 4 [pid 6582] close(3) = 0 [pid 6582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6582] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6582] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6583 attached [pid 6583] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6582] <... clone3 resumed> => {parent_tid=[6583]}, 88) = 6583 [pid 6583] set_robust_list(0x7f6d468e79a0, 24 [pid 6582] rt_sigprocmask(SIG_SETMASK, [], [pid 6583] <... set_robust_list resumed>) = 0 [pid 6582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6583] rt_sigprocmask(SIG_SETMASK, [], [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6583] memfd_create("syzkaller", 0 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6583] <... memfd_create resumed>) = 3 [pid 6583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6583] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6583] close(3) = 0 [pid 6583] mkdir("./bus", 0777) = 0 [pid 6583] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6583] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6583] chdir("./bus") = 0 [pid 6583] ioctl(4, LOOP_CLR_FD) = 0 [pid 6583] close(4) = 0 [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6583] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6583] <... futex resumed>) = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6583] memfd_create("syzkaller", 0) = 4 [pid 6583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6583] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6583] munmap(0x7f6d360cf000, 32768) = 0 [pid 6583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6583] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6583] ioctl(5, LOOP_CLR_FD) = 0 [pid 6583] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6583] close(5) = 0 [pid 6583] close(4) = 0 [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6583] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] <... openat resumed>) = 4 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6583] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] <... write resumed>) = 12288 [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] <... futex resumed>) = 1 [pid 6583] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6583] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6582] <... futex resumed>) = 0 [pid 6583] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6582] <... futex resumed>) = 0 [pid 6583] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6582] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6582] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6584 attached [pid 6584] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6583] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6582] <... clone3 resumed> => {parent_tid=[6584]}, 88) = 6584 [ 147.794154][ T6583] loop0: detected capacity change from 0 to 64 [pid 6584] <... rseq resumed>) = 0 [pid 6582] rt_sigprocmask(SIG_SETMASK, [], [pid 6584] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6584] rt_sigprocmask(SIG_SETMASK, [], [pid 6582] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6582] <... futex resumed>) = 0 [pid 6582] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6584] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6583] <... openat resumed>) = 6 [pid 6583] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6584] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] <... futex resumed>) = 0 [pid 6583] <... futex resumed>) = 0 [pid 6583] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6582] exit_group(0 [pid 6584] <... futex resumed>) = ? [pid 6583] <... futex resumed>) = ? [pid 6582] <... exit_group resumed>) = ? [pid 6584] +++ exited with 0 +++ [pid 6583] +++ exited with 0 +++ [pid 6582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6582, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./512/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./512/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./512/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./512/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./512/bus") = 0 umount2("./512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./512/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6585 attached , child_tidptr=0x5555564f6750) = 6585 [pid 6585] set_robust_list(0x5555564f6760, 24) = 0 [pid 6585] chdir("./513") = 0 [pid 6585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6585] setpgid(0, 0) = 0 [pid 6585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6585] write(3, "1000", 4) = 4 [pid 6585] close(3) = 0 [pid 6585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6585] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6586]}, 88) = 6586 ./strace-static-x86_64: Process 6586 attached [pid 6585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6586] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] set_robust_list(0x7f6d468e79a0, 24 [pid 6585] <... futex resumed>) = 0 [pid 6586] <... set_robust_list resumed>) = 0 [pid 6586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6586] memfd_create("syzkaller", 0) = 3 [pid 6586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6586] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6586] close(3) = 0 [pid 6586] mkdir("./bus", 0777) = 0 [pid 6586] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6586] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6586] chdir("./bus") = 0 [pid 6586] ioctl(4, LOOP_CLR_FD) = 0 [pid 6586] close(4) = 0 [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6586] <... futex resumed>) = 0 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6586] memfd_create("syzkaller", 0) = 4 [pid 6586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6586] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6586] munmap(0x7f6d360cf000, 32768) = 0 [pid 6586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6586] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6586] ioctl(5, LOOP_CLR_FD) = 0 [pid 6586] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6586] close(5) = 0 [pid 6586] close(4) = 0 [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] <... futex resumed>) = 0 [pid 6586] <... futex resumed>) = 1 [pid 6586] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6586] <... futex resumed>) = 0 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] <... futex resumed>) = 0 [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] <... futex resumed>) = 1 [pid 6586] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] <... write resumed>) = 12288 [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6585] <... futex resumed>) = 0 [pid 6586] <... mmap resumed>) = 0x20000000 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] <... futex resumed>) = 0 [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] <... futex resumed>) = 1 [pid 6585] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 147.936560][ T6586] loop0: detected capacity change from 0 to 64 [pid 6586] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] <... futex resumed>) = 0 [pid 6585] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6586] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6585] <... mmap resumed>) = 0x7f6d360b6000 [pid 6586] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6585] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6586] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6586] <... futex resumed>) = 0 [pid 6585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6586] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6587 attached [pid 6587] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6585] <... clone3 resumed> => {parent_tid=[6587]}, 88) = 6587 [pid 6587] <... rseq resumed>) = 0 [pid 6587] set_robust_list(0x7f6d360d69a0, 24 [pid 6585] rt_sigprocmask(SIG_SETMASK, [], [pid 6587] <... set_robust_list resumed>) = 0 [pid 6585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6587] rt_sigprocmask(SIG_SETMASK, [], [pid 6585] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6585] <... futex resumed>) = 0 [pid 6587] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6585] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6587] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6587] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6587] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] exit_group(0 [pid 6587] <... futex resumed>) = ? [pid 6586] <... futex resumed>) = ? [pid 6585] <... exit_group resumed>) = ? [pid 6587] +++ exited with 0 +++ [pid 6586] +++ exited with 0 +++ [pid 6585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6585, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./513/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./513/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./513/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./513/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./513/bus") = 0 umount2("./513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./513/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6588 attached , child_tidptr=0x5555564f6750) = 6588 [pid 6588] set_robust_list(0x5555564f6760, 24) = 0 [pid 6588] chdir("./514") = 0 [pid 6588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6588] setpgid(0, 0) = 0 [pid 6588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6588] write(3, "1000", 4) = 4 [pid 6588] close(3) = 0 [pid 6588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6588] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6589 attached [pid 6589] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6588] <... clone3 resumed> => {parent_tid=[6589]}, 88) = 6589 [pid 6589] <... rseq resumed>) = 0 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], [pid 6589] set_robust_list(0x7f6d468e79a0, 24 [pid 6588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6589] <... set_robust_list resumed>) = 0 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] rt_sigprocmask(SIG_SETMASK, [], [pid 6588] <... futex resumed>) = 0 [pid 6589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6589] memfd_create("syzkaller", 0) = 3 [pid 6589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6589] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6589] close(3) = 0 [pid 6589] mkdir("./bus", 0777) = 0 [pid 6589] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6589] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6589] chdir("./bus") = 0 [pid 6589] ioctl(4, LOOP_CLR_FD) = 0 [pid 6589] close(4) = 0 [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6589] memfd_create("syzkaller", 0 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... memfd_create resumed>) = 4 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6589] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6589] munmap(0x7f6d360cf000, 32768) = 0 [pid 6589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6589] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6589] ioctl(5, LOOP_CLR_FD) = 0 [pid 6589] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6589] close(5) = 0 [pid 6589] close(4) = 0 [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6589] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... futex resumed>) = 0 [pid 6588] <... futex resumed>) = 1 [pid 6589] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] <... openat resumed>) = 4 [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... write resumed>) = 12288 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] <... futex resumed>) = 1 [pid 6589] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... futex resumed>) = 1 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... futex resumed>) = 1 [pid 6588] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... openat resumed>) = 6 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6588] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6589] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 148.077746][ T6589] loop0: detected capacity change from 0 to 64 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6590 attached [pid 6590] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6590] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6588] <... clone3 resumed> => {parent_tid=[6590]}, 88) = 6590 [pid 6590] rt_sigprocmask(SIG_SETMASK, [], [pid 6588] rt_sigprocmask(SIG_SETMASK, [], [pid 6590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6590] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6588] <... futex resumed>) = 0 [pid 6590] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6588] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6590] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6590] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6590] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] <... futex resumed>) = 0 [pid 6588] exit_group(0 [pid 6589] <... futex resumed>) = ? [pid 6590] <... futex resumed>) = ? [pid 6588] <... exit_group resumed>) = ? [pid 6589] +++ exited with 0 +++ [pid 6590] +++ exited with 0 +++ [pid 6588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6588, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./514/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./514/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./514/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./514/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./514/bus") = 0 umount2("./514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./514/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6591 attached , child_tidptr=0x5555564f6750) = 6591 [pid 6591] set_robust_list(0x5555564f6760, 24) = 0 [pid 6591] chdir("./515") = 0 [pid 6591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6591] setpgid(0, 0) = 0 [pid 6591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6591] write(3, "1000", 4) = 4 [pid 6591] close(3) = 0 [pid 6591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6591] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6592 attached => {parent_tid=[6592]}, 88) = 6592 [pid 6591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6592] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6592] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6592] memfd_create("syzkaller", 0) = 3 [pid 6592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6592] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6592] close(3) = 0 [pid 6592] mkdir("./bus", 0777) = 0 [pid 6592] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6592] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6592] chdir("./bus") = 0 [pid 6592] ioctl(4, LOOP_CLR_FD) = 0 [pid 6592] close(4) = 0 [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6592] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6591] <... futex resumed>) = 0 [pid 6592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] memfd_create("syzkaller", 0) = 4 [pid 6591] <... futex resumed>) = 0 [pid 6592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6592] <... mmap resumed>) = 0x7f6d360cf000 [pid 6592] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6592] munmap(0x7f6d360cf000, 32768) = 0 [pid 6592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6592] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6592] ioctl(5, LOOP_CLR_FD) = 0 [pid 6592] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6592] close(5) = 0 [pid 6592] close(4) = 0 [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6592] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] <... futex resumed>) = 0 [pid 6591] <... futex resumed>) = 1 [pid 6592] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] <... openat resumed>) = 4 [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] <... futex resumed>) = 0 [pid 6592] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] <... futex resumed>) = 0 [pid 6591] <... futex resumed>) = 1 [pid 6592] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] <... write resumed>) = 12288 [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] <... futex resumed>) = 1 [pid 6592] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] <... futex resumed>) = 1 [pid 6592] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6592] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6591] <... futex resumed>) = 0 [pid 6591] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6591] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6593 attached [pid 6592] <... futex resumed>) = 1 [pid 6591] <... clone3 resumed> => {parent_tid=[6593]}, 88) = 6593 [pid 6593] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6592] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6591] rt_sigprocmask(SIG_SETMASK, [], [pid 6593] <... rseq resumed>) = 0 [pid 6593] set_robust_list(0x7f6d360d69a0, 24 [pid 6592] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6593] <... set_robust_list resumed>) = 0 [pid 6592] <... openat resumed>) = 6 [pid 6591] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6591] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6592] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6593] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6593] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6591] <... futex resumed>) = 0 [pid 6591] exit_group(0 [pid 6593] <... futex resumed>) = ? [pid 6592] <... futex resumed>) = ? [pid 6593] +++ exited with 0 +++ [pid 6592] +++ exited with 0 +++ [pid 6591] <... exit_group resumed>) = ? [ 148.230765][ T6592] loop0: detected capacity change from 0 to 64 [pid 6591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6591, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./515/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./515/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./515/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./515/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./515/bus") = 0 umount2("./515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./515/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6594 attached , child_tidptr=0x5555564f6750) = 6594 [pid 6594] set_robust_list(0x5555564f6760, 24) = 0 [pid 6594] chdir("./516") = 0 [pid 6594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6594] setpgid(0, 0) = 0 [pid 6594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6594] write(3, "1000", 4) = 4 [pid 6594] close(3) = 0 [pid 6594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6594] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6595 attached => {parent_tid=[6595]}, 88) = 6595 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], [pid 6595] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6595] <... rseq resumed>) = 0 [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] set_robust_list(0x7f6d468e79a0, 24 [pid 6594] <... futex resumed>) = 0 [pid 6595] <... set_robust_list resumed>) = 0 [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6595] memfd_create("syzkaller", 0) = 3 [pid 6595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6595] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6595] close(3) = 0 [pid 6595] mkdir("./bus", 0777) = 0 [pid 6595] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6595] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6595] chdir("./bus") = 0 [pid 6595] ioctl(4, LOOP_CLR_FD) = 0 [pid 6595] close(4) = 0 [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6595] <... futex resumed>) = 1 [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] memfd_create("syzkaller", 0 [pid 6594] <... futex resumed>) = 0 [pid 6595] <... memfd_create resumed>) = 4 [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6595] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6595] munmap(0x7f6d360cf000, 32768) = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6595] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6595] ioctl(5, LOOP_CLR_FD) = 0 [pid 6595] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6595] close(5) = 0 [pid 6595] close(4) = 0 [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6595] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... futex resumed>) = 0 [pid 6594] <... futex resumed>) = 1 [pid 6595] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... futex resumed>) = 0 [pid 6594] <... futex resumed>) = 1 [pid 6595] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 0 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6595] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... mmap resumed>) = 0x20000000 [pid 6594] <... futex resumed>) = 0 [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 0 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6595] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6594] <... futex resumed>) = 0 [pid 6595] <... openat resumed>) = 5 [pid 6594] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6595] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6594] <... mmap resumed>) = 0x7f6d360b6000 [pid 6595] <... openat resumed>) = 6 [pid 6594] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6595] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6596 attached [ 148.368756][ T6595] loop0: detected capacity change from 0 to 64 => {parent_tid=[6596]}, 88) = 6596 [pid 6596] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], [pid 6596] <... rseq resumed>) = 0 [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6596] set_robust_list(0x7f6d360d69a0, 24 [pid 6594] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6596] <... set_robust_list resumed>) = 0 [pid 6596] rt_sigprocmask(SIG_SETMASK, [], [pid 6594] <... futex resumed>) = 0 [pid 6596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6594] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6596] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6596] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = 0 [pid 6596] <... futex resumed>) = 1 [pid 6596] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] exit_group(0 [pid 6596] <... futex resumed>) = ? [pid 6596] +++ exited with 0 +++ [pid 6594] <... exit_group resumed>) = ? [pid 6595] <... futex resumed>) = ? [pid 6595] +++ exited with 0 +++ [pid 6594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6594, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./516/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./516/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./516/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./516/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/bus") = 0 umount2("./516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./516/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6597 attached , child_tidptr=0x5555564f6750) = 6597 [pid 6597] set_robust_list(0x5555564f6760, 24) = 0 [pid 6597] chdir("./517") = 0 [pid 6597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6597] setpgid(0, 0) = 0 [pid 6597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6597] write(3, "1000", 4) = 4 [pid 6597] close(3) = 0 [pid 6597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6597] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6598 attached [pid 6598] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6597] <... clone3 resumed> => {parent_tid=[6598]}, 88) = 6598 [pid 6598] set_robust_list(0x7f6d468e79a0, 24 [pid 6597] rt_sigprocmask(SIG_SETMASK, [], [pid 6598] <... set_robust_list resumed>) = 0 [pid 6597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6598] rt_sigprocmask(SIG_SETMASK, [], [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6598] memfd_create("syzkaller", 0 [pid 6597] <... futex resumed>) = 0 [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6598] <... memfd_create resumed>) = 3 [pid 6598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6598] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6598] close(3) = 0 [pid 6598] mkdir("./bus", 0777) = 0 [pid 6598] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6598] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6598] chdir("./bus") = 0 [pid 6598] ioctl(4, LOOP_CLR_FD) = 0 [pid 6598] close(4) = 0 [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6597] <... futex resumed>) = 0 [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6598] memfd_create("syzkaller", 0) = 4 [pid 6598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6598] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6598] munmap(0x7f6d360cf000, 32768) = 0 [pid 6598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6598] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6598] ioctl(5, LOOP_CLR_FD) = 0 [pid 6598] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6598] close(5) = 0 [pid 6598] close(4) = 0 [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6597] <... futex resumed>) = 0 [pid 6598] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = 0 [pid 6597] <... futex resumed>) = 1 [pid 6598] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6598] <... futex resumed>) = 0 [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... write resumed>) = 12288 [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6597] <... futex resumed>) = 0 [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = 0 [pid 6597] <... futex resumed>) = 1 [pid 6598] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... mmap resumed>) = 0x20000000 [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6597] <... futex resumed>) = 0 [ 148.514778][ T6598] loop0: detected capacity change from 0 to 64 [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] <... futex resumed>) = 0 [pid 6598] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6597] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6597] <... futex resumed>) = 0 [pid 6597] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = 0 [pid 6597] <... futex resumed>) = 1 [pid 6598] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6597] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6598] <... openat resumed>) = 6 [pid 6597] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6599 attached [pid 6599] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6597] <... clone3 resumed> => {parent_tid=[6599]}, 88) = 6599 [pid 6599] <... rseq resumed>) = 0 [pid 6597] rt_sigprocmask(SIG_SETMASK, [], [pid 6599] set_robust_list(0x7f6d360d69a0, 24 [pid 6597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6598] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... set_robust_list resumed>) = 0 [pid 6597] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] rt_sigprocmask(SIG_SETMASK, [], [pid 6598] <... futex resumed>) = 0 [pid 6597] <... futex resumed>) = 0 [pid 6598] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6597] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6599] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6599] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 0 [pid 6597] exit_group(0 [pid 6598] <... futex resumed>) = ? [pid 6597] <... exit_group resumed>) = ? [pid 6599] <... futex resumed>) = ? [pid 6598] +++ exited with 0 +++ [pid 6599] +++ exited with 0 +++ [pid 6597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6597, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./517/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./517/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./517/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./517/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./517/bus") = 0 umount2("./517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./517/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6600 attached , child_tidptr=0x5555564f6750) = 6600 [pid 6600] set_robust_list(0x5555564f6760, 24) = 0 [pid 6600] chdir("./518") = 0 [pid 6600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6600] setpgid(0, 0) = 0 [pid 6600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6600] write(3, "1000", 4) = 4 [pid 6600] close(3) = 0 [pid 6600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6600] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6600] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6601 attached [pid 6601] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6601] set_robust_list(0x7f6d468e79a0, 24 [pid 6600] <... clone3 resumed> => {parent_tid=[6601]}, 88) = 6601 [pid 6601] <... set_robust_list resumed>) = 0 [pid 6600] rt_sigprocmask(SIG_SETMASK, [], [pid 6601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6601] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6600] <... futex resumed>) = 0 [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6601] memfd_create("syzkaller", 0) = 3 [pid 6601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6601] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6601] close(3) = 0 [pid 6601] mkdir("./bus", 0777) = 0 [pid 6601] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6601] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6601] chdir("./bus") = 0 [pid 6601] ioctl(4, LOOP_CLR_FD) = 0 [pid 6601] close(4) = 0 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] memfd_create("syzkaller", 0 [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... memfd_create resumed>) = 4 [pid 6601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6601] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6601] munmap(0x7f6d360cf000, 32768) = 0 [pid 6601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6601] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6601] ioctl(5, LOOP_CLR_FD) = 0 [pid 6600] <... futex resumed>) = 0 [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6601] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6601] close(5) = 0 [pid 6601] close(4) = 0 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] <... openat resumed>) = 4 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6600] <... futex resumed>) = 0 [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] <... write resumed>) = 12288 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] <... mmap resumed>) = 0x20000000 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6600] <... futex resumed>) = 0 [pid 6601] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6600] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6601] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] <... futex resumed>) = 0 [pid 6601] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6600] <... futex resumed>) = 0 [pid 6601] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6600] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6600] <... futex resumed>) = 0 [pid 6600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6601] <... openat resumed>) = 6 [pid 6600] <... mmap resumed>) = 0x7f6d360b6000 [pid 6601] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6600] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 148.651405][ T6601] loop0: detected capacity change from 0 to 64 [pid 6600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6602 attached => {parent_tid=[6602]}, 88) = 6602 [pid 6602] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6600] rt_sigprocmask(SIG_SETMASK, [], [pid 6602] <... rseq resumed>) = 0 [pid 6602] set_robust_list(0x7f6d360d69a0, 24 [pid 6600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6602] <... set_robust_list resumed>) = 0 [pid 6600] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6602] rt_sigprocmask(SIG_SETMASK, [], [pid 6600] <... futex resumed>) = 0 [pid 6602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6600] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6602] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6602] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6600] <... futex resumed>) = 0 [pid 6602] <... futex resumed>) = 1 [pid 6600] exit_group(0 [pid 6602] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6601] <... futex resumed>) = ? [pid 6602] +++ exited with 0 +++ [pid 6601] +++ exited with 0 +++ [pid 6600] <... exit_group resumed>) = ? [pid 6600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6600, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./518/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./518/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./518/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./518/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./518/bus") = 0 umount2("./518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./518/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6603 attached , child_tidptr=0x5555564f6750) = 6603 [pid 6603] set_robust_list(0x5555564f6760, 24) = 0 [pid 6603] chdir("./519") = 0 [pid 6603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6603] setpgid(0, 0) = 0 [pid 6603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6603] write(3, "1000", 4) = 4 [pid 6603] close(3) = 0 [pid 6603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6603] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6604 attached [pid 6604] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6604] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6603] <... clone3 resumed> => {parent_tid=[6604]}, 88) = 6604 [pid 6604] rt_sigprocmask(SIG_SETMASK, [], [pid 6603] rt_sigprocmask(SIG_SETMASK, [], [pid 6604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6604] memfd_create("syzkaller", 0) = 3 [pid 6604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6604] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6604] close(3) = 0 [pid 6604] mkdir("./bus", 0777) = 0 [pid 6604] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6604] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6604] chdir("./bus") = 0 [pid 6604] ioctl(4, LOOP_CLR_FD) = 0 [pid 6604] close(4) = 0 [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6604] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = 0 [pid 6603] <... futex resumed>) = 1 [pid 6604] memfd_create("syzkaller", 0) = 4 [pid 6604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6604] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6604] munmap(0x7f6d360cf000, 32768) = 0 [pid 6604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6604] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6604] ioctl(5, LOOP_CLR_FD) = 0 [pid 6604] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6604] close(5) = 0 [pid 6604] close(4) = 0 [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6604] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... openat resumed>) = 4 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6604] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] <... write resumed>) = 12288 [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6604] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = 0 [pid 6603] <... futex resumed>) = 1 [pid 6604] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] <... mmap resumed>) = 0x20000000 [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6604] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = 0 [pid 6603] <... futex resumed>) = 1 [pid 6604] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6603] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] <... futex resumed>) = 0 [pid 6603] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6603] <... futex resumed>) = 0 [pid 6604] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6603] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6603] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6604] <... openat resumed>) = 6 [pid 6603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6604] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6605 attached ) = 0 [pid 6605] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6604] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] <... clone3 resumed> => {parent_tid=[6605]}, 88) = 6605 [pid 6605] <... rseq resumed>) = 0 [pid 6603] rt_sigprocmask(SIG_SETMASK, [], [pid 6605] set_robust_list(0x7f6d360d69a0, 24 [pid 6603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6605] <... set_robust_list resumed>) = 0 [pid 6603] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6603] <... futex resumed>) = 0 [pid 6605] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6603] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6605] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6605] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6603] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6603] exit_group(0) = ? [pid 6605] <... futex resumed>) = ? [pid 6604] <... futex resumed>) = ? [pid 6605] +++ exited with 0 +++ [pid 6604] +++ exited with 0 +++ [pid 6603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6603, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 148.775950][ T6604] loop0: detected capacity change from 0 to 64 umount2("./519/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./519/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./519/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./519/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./519/bus") = 0 umount2("./519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./519/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6606 attached , child_tidptr=0x5555564f6750) = 6606 [pid 6606] set_robust_list(0x5555564f6760, 24) = 0 [pid 6606] chdir("./520") = 0 [pid 6606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6606] setpgid(0, 0) = 0 [pid 6606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6606] write(3, "1000", 4) = 4 [pid 6606] close(3) = 0 [pid 6606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6606] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6607 attached [pid 6607] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6606] <... clone3 resumed> => {parent_tid=[6607]}, 88) = 6607 [pid 6607] <... rseq resumed>) = 0 [pid 6606] rt_sigprocmask(SIG_SETMASK, [], [pid 6607] set_robust_list(0x7f6d468e79a0, 24 [pid 6606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6607] <... set_robust_list resumed>) = 0 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6607] memfd_create("syzkaller", 0 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6607] <... memfd_create resumed>) = 3 [pid 6607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6607] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6607] close(3) = 0 [pid 6607] mkdir("./bus", 0777) = 0 [pid 6607] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6607] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6607] chdir("./bus") = 0 [pid 6607] ioctl(4, LOOP_CLR_FD) = 0 [pid 6607] close(4) = 0 [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... futex resumed>) = 0 [pid 6607] <... futex resumed>) = 1 [pid 6607] memfd_create("syzkaller", 0 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... memfd_create resumed>) = 4 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6607] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6607] munmap(0x7f6d360cf000, 32768) = 0 [pid 6607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6607] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6607] ioctl(5, LOOP_CLR_FD) = 0 [pid 6607] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6607] close(5) = 0 [pid 6607] close(4) = 0 [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6607] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = 0 [pid 6606] <... futex resumed>) = 1 [pid 6607] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... openat resumed>) = 4 [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6607] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... write resumed>) = 12288 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... futex resumed>) = 1 [pid 6607] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... futex resumed>) = 1 [pid 6607] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6607] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... futex resumed>) = 0 [pid 6606] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6606] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6607] <... futex resumed>) = 1 [pid 6606] <... mprotect resumed>) = 0 [pid 6607] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6606] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6607] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6606] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6607] <... openat resumed>) = 6 [pid 6606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6608 attached [pid 6607] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6607] <... futex resumed>) = 0 [pid 6606] <... clone3 resumed> => {parent_tid=[6608]}, 88) = 6608 [ 148.890957][ T6607] loop0: detected capacity change from 0 to 64 [pid 6608] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6607] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] rt_sigprocmask(SIG_SETMASK, [], [pid 6608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6608] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6606] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] <... futex resumed>) = 0 [pid 6606] <... futex resumed>) = 1 [pid 6608] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6606] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6608] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... futex resumed>) = 0 [pid 6606] exit_group(0) = ? [pid 6607] <... futex resumed>) = ? [pid 6608] <... futex resumed>) = ? [pid 6608] +++ exited with 0 +++ [pid 6607] +++ exited with 0 +++ [pid 6606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6606, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./520/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./520/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./520/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/bus") = 0 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./520/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6609 attached , child_tidptr=0x5555564f6750) = 6609 [pid 6609] set_robust_list(0x5555564f6760, 24) = 0 [pid 6609] chdir("./521") = 0 [pid 6609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6609] setpgid(0, 0) = 0 [pid 6609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6609] write(3, "1000", 4) = 4 [pid 6609] close(3) = 0 [pid 6609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6609] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6610 attached [pid 6610] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6609] <... clone3 resumed> => {parent_tid=[6610]}, 88) = 6610 [pid 6610] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6609] rt_sigprocmask(SIG_SETMASK, [], [pid 6610] rt_sigprocmask(SIG_SETMASK, [], [pid 6609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] memfd_create("syzkaller", 0 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... memfd_create resumed>) = 3 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6610] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6610] close(3) = 0 [pid 6610] mkdir("./bus", 0777) = 0 [pid 6610] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6610] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6610] chdir("./bus") = 0 [pid 6610] ioctl(4, LOOP_CLR_FD) = 0 [pid 6610] close(4) = 0 [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6610] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] <... futex resumed>) = 0 [pid 6609] <... futex resumed>) = 1 [pid 6610] memfd_create("syzkaller", 0 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6610] <... memfd_create resumed>) = 4 [pid 6610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6610] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6610] munmap(0x7f6d360cf000, 32768) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6610] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6610] ioctl(5, LOOP_CLR_FD) = 0 [pid 6610] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6610] close(5) = 0 [pid 6610] close(4) = 0 [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... futex resumed>) = 1 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... openat resumed>) = 4 [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... futex resumed>) = 1 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... write resumed>) = 12288 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... futex resumed>) = 1 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... mmap resumed>) = 0x20000000 [ 149.028458][ T6610] loop0: detected capacity change from 0 to 64 [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6610] <... futex resumed>) = 1 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6610] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] <... futex resumed>) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6610] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6609] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6609] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6610] <... openat resumed>) = 6 [pid 6609] <... mprotect resumed>) = 0 [pid 6610] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6611 attached [pid 6611] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6611] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6609] <... clone3 resumed> => {parent_tid=[6611]}, 88) = 6611 [pid 6611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6609] rt_sigprocmask(SIG_SETMASK, [], [pid 6611] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6609] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] <... futex resumed>) = 0 [pid 6611] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6609] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6611] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6611] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6611] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] exit_group(0) = ? [pid 6610] <... futex resumed>) = ? [pid 6611] <... futex resumed>) = ? [pid 6610] +++ exited with 0 +++ [pid 6611] +++ exited with 0 +++ [pid 6609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6609, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./521/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./521/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./521/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/bus") = 0 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./521/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6612 attached , child_tidptr=0x5555564f6750) = 6612 [pid 6612] set_robust_list(0x5555564f6760, 24) = 0 [pid 6612] chdir("./522") = 0 [pid 6612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6612] setpgid(0, 0) = 0 [pid 6612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6612] write(3, "1000", 4) = 4 [pid 6612] close(3) = 0 [pid 6612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6612] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6613 attached [pid 6613] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6612] <... clone3 resumed> => {parent_tid=[6613]}, 88) = 6613 [pid 6613] <... rseq resumed>) = 0 [pid 6612] rt_sigprocmask(SIG_SETMASK, [], [pid 6613] set_robust_list(0x7f6d468e79a0, 24 [pid 6612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6613] <... set_robust_list resumed>) = 0 [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6612] <... futex resumed>) = 0 [pid 6613] memfd_create("syzkaller", 0 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6613] <... memfd_create resumed>) = 3 [pid 6613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6613] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6613] close(3) = 0 [pid 6613] mkdir("./bus", 0777) = 0 [pid 6613] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6613] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6613] chdir("./bus") = 0 [pid 6613] ioctl(4, LOOP_CLR_FD) = 0 [pid 6613] close(4) = 0 [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6613] <... futex resumed>) = 1 [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] memfd_create("syzkaller", 0) = 4 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6613] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6613] munmap(0x7f6d360cf000, 32768) = 0 [pid 6613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6613] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6613] ioctl(5, LOOP_CLR_FD) = 0 [pid 6613] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6613] close(5) = 0 [pid 6613] close(4) = 0 [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6613] <... futex resumed>) = 1 [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6612] <... futex resumed>) = 0 [pid 6613] <... openat resumed>) = 4 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... futex resumed>) = 1 [pid 6613] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6613] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6612] <... futex resumed>) = 0 [pid 6613] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... mmap resumed>) = 0x20000000 [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... futex resumed>) = 1 [pid 6613] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6613] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] <... futex resumed>) = 1 [pid 6612] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6612] <... futex resumed>) = 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6613] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6612] <... mmap resumed>) = 0x7f6d360b6000 [pid 6612] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6613] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6614 attached [pid 6614] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6612] <... clone3 resumed> => {parent_tid=[6614]}, 88) = 6614 [pid 6614] set_robust_list(0x7f6d360d69a0, 24 [pid 6612] rt_sigprocmask(SIG_SETMASK, [], [pid 6614] <... set_robust_list resumed>) = 0 [pid 6612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6614] rt_sigprocmask(SIG_SETMASK, [], [pid 6612] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6614] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6612] <... futex resumed>) = 0 [pid 6614] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6612] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6614] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6614] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] exit_group(0 [pid 6614] <... futex resumed>) = ? [pid 6614] +++ exited with 0 +++ [pid 6613] <... futex resumed>) = ? [pid 6613] +++ exited with 0 +++ [pid 6612] <... exit_group resumed>) = ? [pid 6612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6612, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 149.166950][ T6613] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./522/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./522/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./522/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/bus") = 0 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./522/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6615 ./strace-static-x86_64: Process 6615 attached [pid 6615] set_robust_list(0x5555564f6760, 24) = 0 [pid 6615] chdir("./523") = 0 [pid 6615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6615] setpgid(0, 0) = 0 [pid 6615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6615] write(3, "1000", 4) = 4 [pid 6615] close(3) = 0 [pid 6615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6615] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6616]}, 88) = 6616 ./strace-static-x86_64: Process 6616 attached [pid 6615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6616] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6616] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6616] memfd_create("syzkaller", 0) = 3 [pid 6616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6616] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6616] close(3) = 0 [pid 6616] mkdir("./bus", 0777) = 0 [pid 6616] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6616] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6616] chdir("./bus") = 0 [pid 6616] ioctl(4, LOOP_CLR_FD) = 0 [pid 6616] close(4) = 0 [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6616] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6615] <... futex resumed>) = 0 [pid 6616] memfd_create("syzkaller", 0) = 4 [pid 6616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6616] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6616] munmap(0x7f6d360cf000, 32768 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6616] <... munmap resumed>) = 0 [pid 6616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6616] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6616] ioctl(5, LOOP_CLR_FD) = 0 [pid 6616] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6616] close(5) = 0 [pid 6616] close(4) = 0 [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6616] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = 0 [pid 6615] <... futex resumed>) = 1 [pid 6616] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6616] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = 0 [pid 6615] <... futex resumed>) = 1 [pid 6616] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... write resumed>) = 12288 [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6616] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... mmap resumed>) = 0x20000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6616] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6615] <... futex resumed>) = 0 [pid 6616] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6615] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6616] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6615] <... futex resumed>) = 0 [pid 6616] <... openat resumed>) = 6 [pid 6615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6616] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... mmap resumed>) = 0x7f6d360b6000 [pid 6616] <... futex resumed>) = 0 [pid 6615] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6616] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] <... mprotect resumed>) = 0 [pid 6615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6617 attached [pid 6617] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6615] <... clone3 resumed> => {parent_tid=[6617]}, 88) = 6617 [pid 6617] <... rseq resumed>) = 0 [pid 6615] rt_sigprocmask(SIG_SETMASK, [], [pid 6617] set_robust_list(0x7f6d360d69a0, 24 [pid 6615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6617] <... set_robust_list resumed>) = 0 [pid 6615] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] rt_sigprocmask(SIG_SETMASK, [], [pid 6615] <... futex resumed>) = 0 [pid 6617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6615] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6617] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6617] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6617] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] exit_group(0 [pid 6617] <... futex resumed>) = ? [pid 6615] <... exit_group resumed>) = ? [pid 6617] +++ exited with 0 +++ [pid 6616] <... futex resumed>) = ? [ 149.291277][ T6616] loop0: detected capacity change from 0 to 64 [pid 6616] +++ exited with 0 +++ [pid 6615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6615, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./523/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./523/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./523/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/bus") = 0 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./523/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6618 attached , child_tidptr=0x5555564f6750) = 6618 [pid 6618] set_robust_list(0x5555564f6760, 24) = 0 [pid 6618] chdir("./524") = 0 [pid 6618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6618] setpgid(0, 0) = 0 [pid 6618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6618] write(3, "1000", 4) = 4 [pid 6618] close(3) = 0 [pid 6618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6618] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6619]}, 88) = 6619 ./strace-static-x86_64: Process 6619 attached [pid 6618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6619] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] <... rseq resumed>) = 0 [pid 6618] <... futex resumed>) = 0 [pid 6619] set_robust_list(0x7f6d468e79a0, 24 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6619] <... set_robust_list resumed>) = 0 [pid 6619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6619] memfd_create("syzkaller", 0) = 3 [pid 6619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6619] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6619] close(3) = 0 [pid 6619] mkdir("./bus", 0777) = 0 [pid 6619] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6619] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6619] chdir("./bus") = 0 [pid 6619] ioctl(4, LOOP_CLR_FD) = 0 [pid 6619] close(4) = 0 [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6619] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6619] <... futex resumed>) = 0 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6619] memfd_create("syzkaller", 0) = 4 [pid 6619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6619] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6619] munmap(0x7f6d360cf000, 32768) = 0 [pid 6619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6619] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6619] ioctl(5, LOOP_CLR_FD) = 0 [pid 6619] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6619] close(5) = 0 [pid 6619] close(4) = 0 [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6619] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] <... futex resumed>) = 0 [pid 6618] <... futex resumed>) = 1 [pid 6619] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... openat resumed>) = 4 [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... write resumed>) = 12288 [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] <... futex resumed>) = 0 [pid 6619] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6619] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... mmap resumed>) = 0x20000000 [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6619] <... futex resumed>) = 0 [pid 6619] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6619] <... futex resumed>) = 0 [pid 6618] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 149.414553][ T6619] loop0: detected capacity change from 0 to 64 [pid 6619] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] <... futex resumed>) = 0 [pid 6619] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6618] <... futex resumed>) = 0 [pid 6619] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6618] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6618] <... futex resumed>) = 0 [pid 6618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6619] <... openat resumed>) = 6 [pid 6618] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6619] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... mprotect resumed>) = 0 [pid 6619] <... futex resumed>) = 0 [pid 6618] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6619] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6620 attached [pid 6620] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6618] <... clone3 resumed> => {parent_tid=[6620]}, 88) = 6620 [pid 6620] set_robust_list(0x7f6d360d69a0, 24 [pid 6618] rt_sigprocmask(SIG_SETMASK, [], [pid 6620] <... set_robust_list resumed>) = 0 [pid 6620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6620] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6618] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6620] <... futex resumed>) = 0 [pid 6618] <... futex resumed>) = 1 [pid 6620] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6618] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6620] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6620] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] <... futex resumed>) = 0 [pid 6618] exit_group(0 [pid 6620] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... exit_group resumed>) = ? [pid 6620] <... futex resumed>) = ? [pid 6619] <... futex resumed>) = ? [pid 6620] +++ exited with 0 +++ [pid 6619] +++ exited with 0 +++ [pid 6618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6618, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./524/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./524/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./524/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./524/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/bus") = 0 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./524/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6621 ./strace-static-x86_64: Process 6621 attached [pid 6621] set_robust_list(0x5555564f6760, 24) = 0 [pid 6621] chdir("./525") = 0 [pid 6621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6621] setpgid(0, 0) = 0 [pid 6621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6621] write(3, "1000", 4) = 4 [pid 6621] close(3) = 0 [pid 6621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6621] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6622 attached [pid 6622] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6621] <... clone3 resumed> => {parent_tid=[6622]}, 88) = 6622 [pid 6622] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6621] rt_sigprocmask(SIG_SETMASK, [], [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6622] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6621] <... futex resumed>) = 0 [pid 6622] memfd_create("syzkaller", 0 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6622] <... memfd_create resumed>) = 3 [pid 6622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6622] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6622] close(3) = 0 [pid 6622] mkdir("./bus", 0777) = 0 [pid 6622] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6622] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6622] chdir("./bus") = 0 [pid 6622] ioctl(4, LOOP_CLR_FD) = 0 [pid 6622] close(4) = 0 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = 0 [pid 6621] <... futex resumed>) = 1 [pid 6622] memfd_create("syzkaller", 0 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6622] <... memfd_create resumed>) = 4 [pid 6622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6622] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6622] munmap(0x7f6d360cf000, 32768) = 0 [pid 6622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6622] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6622] ioctl(5, LOOP_CLR_FD) = 0 [pid 6622] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6622] close(5) = 0 [pid 6622] close(4) = 0 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = 0 [pid 6621] <... futex resumed>) = 1 [pid 6622] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] <... openat resumed>) = 4 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6622] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6621] <... futex resumed>) = 0 [pid 6622] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [ 149.551661][ T6622] loop0: detected capacity change from 0 to 64 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] <... write resumed>) = 12288 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = 0 [pid 6622] <... futex resumed>) = 1 [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] <... mmap resumed>) = 0x20000000 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] <... futex resumed>) = 1 [pid 6622] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6622] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = 0 [pid 6622] <... futex resumed>) = 1 [pid 6621] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6621] <... futex resumed>) = 0 [pid 6622] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6621] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] <... openat resumed>) = 6 [pid 6622] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6621] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6623 attached [pid 6623] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6621] <... clone3 resumed> => {parent_tid=[6623]}, 88) = 6623 [pid 6623] <... rseq resumed>) = 0 [pid 6623] set_robust_list(0x7f6d360d69a0, 24 [pid 6621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6621] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... set_robust_list resumed>) = 0 [pid 6621] <... futex resumed>) = 0 [pid 6623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6623] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6621] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6623] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6623] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... futex resumed>) = 0 [pid 6623] <... futex resumed>) = 1 [pid 6623] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] exit_group(0) = ? [pid 6622] <... futex resumed>) = ? [pid 6623] <... futex resumed>) = ? [pid 6622] +++ exited with 0 +++ [pid 6623] +++ exited with 0 +++ [pid 6621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6621, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./525/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./525/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./525/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/bus") = 0 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./525/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6624 attached , child_tidptr=0x5555564f6750) = 6624 [pid 6624] set_robust_list(0x5555564f6760, 24) = 0 [pid 6624] chdir("./526") = 0 [pid 6624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6624] setpgid(0, 0) = 0 [pid 6624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6624] write(3, "1000", 4) = 4 [pid 6624] close(3) = 0 [pid 6624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6624] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6625 attached => {parent_tid=[6625]}, 88) = 6625 [pid 6625] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6624] rt_sigprocmask(SIG_SETMASK, [], [pid 6625] <... rseq resumed>) = 0 [pid 6625] set_robust_list(0x7f6d468e79a0, 24 [pid 6624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6625] <... set_robust_list resumed>) = 0 [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6625] memfd_create("syzkaller", 0) = 3 [pid 6625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6625] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6625] close(3) = 0 [pid 6625] mkdir("./bus", 0777) = 0 [pid 6625] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6625] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6625] chdir("./bus") = 0 [pid 6625] ioctl(4, LOOP_CLR_FD) = 0 [pid 6625] close(4) = 0 [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] <... futex resumed>) = 0 [pid 6625] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6624] <... futex resumed>) = 0 [pid 6625] memfd_create("syzkaller", 0 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6625] <... memfd_create resumed>) = 4 [pid 6625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6625] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6625] munmap(0x7f6d360cf000, 32768) = 0 [pid 6625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6625] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6625] ioctl(5, LOOP_CLR_FD) = 0 [pid 6625] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6625] close(5) = 0 [pid 6625] close(4) = 0 [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] <... futex resumed>) = 0 [pid 6625] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6625] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6624] <... futex resumed>) = 0 [pid 6625] <... openat resumed>) = 4 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] <... futex resumed>) = 0 [pid 6625] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6625] <... write resumed>) = 12288 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 149.691802][ T6625] loop0: detected capacity change from 0 to 64 [pid 6625] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6625] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6624] <... futex resumed>) = 0 [pid 6624] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6625] <... futex resumed>) = 0 [pid 6625] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6625] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6624] <... futex resumed>) = 1 [pid 6624] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6625] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6624] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6624] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6625] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6624] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6626 attached => {parent_tid=[6626]}, 88) = 6626 [pid 6626] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6624] rt_sigprocmask(SIG_SETMASK, [], [pid 6626] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6626] rt_sigprocmask(SIG_SETMASK, [], [pid 6624] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6624] <... futex resumed>) = 0 [pid 6626] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6624] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6626] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6626] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6624] <... futex resumed>) = 0 [pid 6626] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6624] exit_group(0 [pid 6626] <... futex resumed>) = ? [pid 6625] <... futex resumed>) = ? [pid 6626] +++ exited with 0 +++ [pid 6625] +++ exited with 0 +++ [pid 6624] <... exit_group resumed>) = ? [pid 6624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6624, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./526/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./526/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./526/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/bus") = 0 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./526/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6627 ./strace-static-x86_64: Process 6627 attached [pid 6627] set_robust_list(0x5555564f6760, 24) = 0 [pid 6627] chdir("./527") = 0 [pid 6627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6627] setpgid(0, 0) = 0 [pid 6627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6627] write(3, "1000", 4) = 4 [pid 6627] close(3) = 0 [pid 6627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6627] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6628]}, 88) = 6628 [pid 6627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6628 attached [pid 6628] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6628] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6628] memfd_create("syzkaller", 0) = 3 [pid 6628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6628] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6628] close(3) = 0 [pid 6628] mkdir("./bus", 0777) = 0 [pid 6628] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6628] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6628] chdir("./bus") = 0 [pid 6628] ioctl(4, LOOP_CLR_FD) = 0 [pid 6628] close(4) = 0 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6628] <... futex resumed>) = 1 [pid 6628] memfd_create("syzkaller", 0) = 4 [pid 6628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6628] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6628] munmap(0x7f6d360cf000, 32768) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6628] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6628] ioctl(5, LOOP_CLR_FD) = 0 [pid 6628] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6628] close(5) = 0 [pid 6628] close(4) = 0 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6628] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = 0 [pid 6627] <... futex resumed>) = 1 [ 149.827724][ T6628] loop0: detected capacity change from 0 to 64 [pid 6628] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = 0 [pid 6628] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6627] <... futex resumed>) = 1 [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... write resumed>) = 12288 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6628] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6627] <... futex resumed>) = 0 [pid 6628] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... mmap resumed>) = 0x20000000 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6628] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6627] <... futex resumed>) = 0 [pid 6628] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6627] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6628] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6627] <... futex resumed>) = 0 [pid 6628] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6627] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6627] <... futex resumed>) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6628] <... openat resumed>) = 6 [pid 6628] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] <... mmap resumed>) = 0x7f6d360b6000 [pid 6628] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6629 attached => {parent_tid=[6629]}, 88) = 6629 [pid 6629] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6627] rt_sigprocmask(SIG_SETMASK, [], [pid 6629] <... rseq resumed>) = 0 [pid 6627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6629] set_robust_list(0x7f6d360d69a0, 24 [pid 6627] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... set_robust_list resumed>) = 0 [pid 6627] <... futex resumed>) = 0 [pid 6629] rt_sigprocmask(SIG_SETMASK, [], [pid 6627] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6629] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6629] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6629] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] exit_group(0 [pid 6629] <... futex resumed>) = ? [pid 6628] <... futex resumed>) = ? [pid 6627] <... exit_group resumed>) = ? [pid 6629] +++ exited with 0 +++ [pid 6628] +++ exited with 0 +++ [pid 6627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6627, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./527/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./527/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./527/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/bus") = 0 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./527/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6630 attached , child_tidptr=0x5555564f6750) = 6630 [pid 6630] set_robust_list(0x5555564f6760, 24) = 0 [pid 6630] chdir("./528") = 0 [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6630] setpgid(0, 0) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6630] write(3, "1000", 4) = 4 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6630] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6631]}, 88) = 6631 ./strace-static-x86_64: Process 6631 attached [pid 6631] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], [pid 6631] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6631] rt_sigprocmask(SIG_SETMASK, [], [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6631] memfd_create("syzkaller", 0 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6631] <... memfd_create resumed>) = 3 [pid 6631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6631] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6631] close(3) = 0 [pid 6631] mkdir("./bus", 0777) = 0 [pid 6631] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6631] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6631] chdir("./bus") = 0 [pid 6631] ioctl(4, LOOP_CLR_FD) = 0 [pid 6631] close(4) = 0 [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] memfd_create("syzkaller", 0 [pid 6630] <... futex resumed>) = 0 [pid 6631] <... memfd_create resumed>) = 4 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6631] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6631] munmap(0x7f6d360cf000, 32768) = 0 [pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6631] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6631] ioctl(5, LOOP_CLR_FD) = 0 [pid 6631] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6631] close(5) = 0 [pid 6631] close(4) = 0 [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6630] <... futex resumed>) = 0 [pid 6631] <... openat resumed>) = 4 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] <... futex resumed>) = 1 [pid 6631] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6631] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] <... mmap resumed>) = 0x20000000 [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6631] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6630] <... futex resumed>) = 0 [pid 6631] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6630] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6630] <... futex resumed>) = 0 [pid 6631] <... openat resumed>) = 6 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6630] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6631] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6632 attached => {parent_tid=[6632]}, 88) = 6632 [pid 6632] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], [pid 6632] set_robust_list(0x7f6d360d69a0, 24 [pid 6630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6632] <... set_robust_list resumed>) = 0 [pid 6630] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], [pid 6630] <... futex resumed>) = 0 [pid 6632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6630] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6632] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] <... futex resumed>) = 0 [pid 6630] exit_group(0 [pid 6631] <... futex resumed>) = ? [pid 6631] +++ exited with 0 +++ [pid 6632] <... futex resumed>) = ? [pid 6632] +++ exited with 0 +++ [pid 6630] <... exit_group resumed>) = ? [pid 6630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6630, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 149.970977][ T6631] loop0: detected capacity change from 0 to 64 umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./528/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./528/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./528/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/bus") = 0 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./528/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6633 attached , child_tidptr=0x5555564f6750) = 6633 [pid 6633] set_robust_list(0x5555564f6760, 24) = 0 [pid 6633] chdir("./529") = 0 [pid 6633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6633] setpgid(0, 0) = 0 [pid 6633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6633] write(3, "1000", 4) = 4 [pid 6633] close(3) = 0 [pid 6633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6633] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6634 attached => {parent_tid=[6634]}, 88) = 6634 [pid 6634] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6634] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6634] memfd_create("syzkaller", 0) = 3 [pid 6634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6634] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6634] close(3) = 0 [pid 6634] mkdir("./bus", 0777) = 0 [pid 6634] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6634] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6634] chdir("./bus") = 0 [pid 6634] ioctl(4, LOOP_CLR_FD) = 0 [pid 6634] close(4) = 0 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6634] memfd_create("syzkaller", 0) = 4 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6634] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6634] munmap(0x7f6d360cf000, 32768) = 0 [pid 6634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6634] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6634] ioctl(5, LOOP_CLR_FD) = 0 [pid 6634] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6634] close(5) = 0 [pid 6634] close(4) = 0 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... write resumed>) = 12288 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6634] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... mmap resumed>) = 0x20000000 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = 1 [pid 6634] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6633] <... futex resumed>) = 0 [pid 6634] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6633] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... openat resumed>) = 5 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] <... futex resumed>) = 1 [pid 6633] <... futex resumed>) = 0 [pid 6634] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6634] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6633] <... mmap resumed>) = 0x7f6d360b6000 [pid 6634] <... openat resumed>) = 6 [pid 6633] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6634] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6634] <... futex resumed>) = 0 [pid 6633] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6634] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6635]}, 88) = 6635 ./strace-static-x86_64: Process 6635 attached [pid 6635] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6633] rt_sigprocmask(SIG_SETMASK, [], [pid 6635] <... rseq resumed>) = 0 [pid 6635] set_robust_list(0x7f6d360d69a0, 24 [pid 6633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6635] <... set_robust_list resumed>) = 0 [pid 6633] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] rt_sigprocmask(SIG_SETMASK, [], [pid 6633] <... futex resumed>) = 0 [pid 6635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6635] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6633] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6635] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6635] <... futex resumed>) = 1 [pid 6635] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] exit_group(0 [pid 6634] <... futex resumed>) = ? [pid 6635] <... futex resumed>) = ? [pid 6633] <... exit_group resumed>) = ? [ 150.098712][ T6634] loop0: detected capacity change from 0 to 64 [pid 6635] +++ exited with 0 +++ [pid 6634] +++ exited with 0 +++ [pid 6633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6633, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./529/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./529/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./529/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/bus") = 0 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./529/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6636 attached , child_tidptr=0x5555564f6750) = 6636 [pid 6636] set_robust_list(0x5555564f6760, 24) = 0 [pid 6636] chdir("./530") = 0 [pid 6636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6636] setpgid(0, 0) = 0 [pid 6636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6636] write(3, "1000", 4) = 4 [pid 6636] close(3) = 0 [pid 6636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6636] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6636] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6637 attached [pid 6637] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6636] <... clone3 resumed> => {parent_tid=[6637]}, 88) = 6637 [pid 6637] set_robust_list(0x7f6d468e79a0, 24 [pid 6636] rt_sigprocmask(SIG_SETMASK, [], [pid 6637] <... set_robust_list resumed>) = 0 [pid 6636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6637] rt_sigprocmask(SIG_SETMASK, [], [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6637] memfd_create("syzkaller", 0 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6637] <... memfd_create resumed>) = 3 [pid 6637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6637] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6637] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6637] close(3) = 0 [pid 6637] mkdir("./bus", 0777) = 0 [pid 6637] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6637] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6637] chdir("./bus") = 0 [pid 6637] ioctl(4, LOOP_CLR_FD) = 0 [pid 6637] close(4) = 0 [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6637] <... futex resumed>) = 1 [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] memfd_create("syzkaller", 0 [pid 6636] <... futex resumed>) = 0 [pid 6637] <... memfd_create resumed>) = 4 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6637] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6637] munmap(0x7f6d360cf000, 32768) = 0 [pid 6637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6637] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6637] ioctl(5, LOOP_CLR_FD) = 0 [pid 6637] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6637] close(5) = 0 [pid 6637] close(4) = 0 [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6637] <... futex resumed>) = 1 [pid 6637] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6636] <... futex resumed>) = 0 [pid 6637] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... openat resumed>) = 4 [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... futex resumed>) = 1 [pid 6637] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6636] <... futex resumed>) = 0 [pid 6637] <... write resumed>) = 12288 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... mmap resumed>) = 0x20000000 [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6637] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6637] <... futex resumed>) = 0 [pid 6637] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6637] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6636] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] <... openat resumed>) = 5 [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6636] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6636] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 150.226627][ T6637] loop0: detected capacity change from 0 to 64 [pid 6636] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6637] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6636] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6637] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6638 attached [pid 6637] <... openat resumed>) = 6 [pid 6638] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6638] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6637] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... clone3 resumed> => {parent_tid=[6638]}, 88) = 6638 [pid 6638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6637] <... futex resumed>) = 0 [pid 6636] rt_sigprocmask(SIG_SETMASK, [], [pid 6637] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6636] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6636] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6638] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6638] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6636] <... futex resumed>) = 0 [pid 6636] exit_group(0 [pid 6638] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6637] <... futex resumed>) = ? [pid 6636] <... exit_group resumed>) = ? [pid 6638] <... futex resumed>) = ? [pid 6637] +++ exited with 0 +++ [pid 6638] +++ exited with 0 +++ [pid 6636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6636, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./530/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./530/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./530/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/bus") = 0 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./530/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6639 attached , child_tidptr=0x5555564f6750) = 6639 [pid 6639] set_robust_list(0x5555564f6760, 24) = 0 [pid 6639] chdir("./531") = 0 [pid 6639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6639] setpgid(0, 0) = 0 [pid 6639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6639] write(3, "1000", 4) = 4 [pid 6639] close(3) = 0 [pid 6639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6639] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6640 attached [pid 6640] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6639] <... clone3 resumed> => {parent_tid=[6640]}, 88) = 6640 [pid 6640] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] memfd_create("syzkaller", 0 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6640] <... memfd_create resumed>) = 3 [pid 6640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6640] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6640] close(3) = 0 [pid 6640] mkdir("./bus", 0777) = 0 [pid 6640] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6640] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6640] chdir("./bus") = 0 [pid 6640] ioctl(4, LOOP_CLR_FD) = 0 [pid 6640] close(4) = 0 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] <... futex resumed>) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6640] memfd_create("syzkaller", 0 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6640] <... memfd_create resumed>) = 4 [pid 6640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6640] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6640] munmap(0x7f6d360cf000, 32768) = 0 [pid 6640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6640] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6640] ioctl(5, LOOP_CLR_FD) = 0 [pid 6640] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6640] close(5) = 0 [pid 6640] close(4) = 0 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] <... futex resumed>) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6640] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... openat resumed>) = 4 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6639] <... futex resumed>) = 0 [pid 6640] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6640] <... futex resumed>) = 0 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] <... futex resumed>) = 0 [pid 6640] <... futex resumed>) = 1 [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... mmap resumed>) = 0x20000000 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] <... futex resumed>) = 0 [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6639] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... futex resumed>) = 1 [pid 6640] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6640] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] <... futex resumed>) = 0 [pid 6640] <... futex resumed>) = 1 [pid 6640] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6639] <... futex resumed>) = 0 [pid 6640] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6639] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6640] <... openat resumed>) = 6 [pid 6639] <... mmap resumed>) = 0x7f6d360b6000 [pid 6639] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6640] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6640] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6641 attached => {parent_tid=[6641]}, 88) = 6641 [pid 6641] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6639] rt_sigprocmask(SIG_SETMASK, [], [pid 6641] <... rseq resumed>) = 0 [pid 6639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6641] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6639] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] rt_sigprocmask(SIG_SETMASK, [], [pid 6639] <... futex resumed>) = 0 [pid 6641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6641] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6639] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6641] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6641] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] <... futex resumed>) = 0 [pid 6641] <... futex resumed>) = 1 [pid 6641] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] exit_group(0 [pid 6641] <... futex resumed>) = ? [pid 6640] <... futex resumed>) = ? [pid 6641] +++ exited with 0 +++ [pid 6640] +++ exited with 0 +++ [pid 6639] <... exit_group resumed>) = ? [pid 6639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6639, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 150.366160][ T6640] loop0: detected capacity change from 0 to 64 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./531/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./531/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./531/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/bus") = 0 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./531/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6642 attached , child_tidptr=0x5555564f6750) = 6642 [pid 6642] set_robust_list(0x5555564f6760, 24) = 0 [pid 6642] chdir("./532") = 0 [pid 6642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6642] setpgid(0, 0) = 0 [pid 6642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6642] write(3, "1000", 4) = 4 [pid 6642] close(3) = 0 [pid 6642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6642] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6643 attached => {parent_tid=[6643]}, 88) = 6643 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6643] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6643] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6643] memfd_create("syzkaller", 0) = 3 [pid 6643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6643] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6643] close(3) = 0 [pid 6643] mkdir("./bus", 0777) = 0 [pid 6643] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6643] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6643] chdir("./bus") = 0 [pid 6643] ioctl(4, LOOP_CLR_FD) = 0 [pid 6643] close(4) = 0 [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] <... futex resumed>) = 0 [pid 6643] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6643] memfd_create("syzkaller", 0 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6643] <... memfd_create resumed>) = 4 [pid 6643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6643] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6643] munmap(0x7f6d360cf000, 32768) = 0 [pid 6643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6643] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6643] ioctl(5, LOOP_CLR_FD) = 0 [pid 6643] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6643] close(5) = 0 [pid 6643] close(4) = 0 [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6643] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6643] <... futex resumed>) = 1 [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6642] <... futex resumed>) = 0 [pid 6643] <... mmap resumed>) = 0x20000000 [ 150.501685][ T6643] loop0: detected capacity change from 0 to 64 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6643] <... futex resumed>) = 0 [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6642] <... futex resumed>) = 0 [pid 6643] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6642] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... openat resumed>) = 5 [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] <... futex resumed>) = 0 [pid 6643] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6642] <... futex resumed>) = 0 [pid 6643] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6642] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6643] <... openat resumed>) = 6 [pid 6642] <... mmap resumed>) = 0x7f6d360b6000 [pid 6642] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6644 attached [pid 6643] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] <... clone3 resumed> => {parent_tid=[6644]}, 88) = 6644 [pid 6644] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6643] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] rt_sigprocmask(SIG_SETMASK, [], [pid 6644] <... rseq resumed>) = 0 [pid 6642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6644] set_robust_list(0x7f6d360d69a0, 24 [pid 6642] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... set_robust_list resumed>) = 0 [pid 6642] <... futex resumed>) = 0 [pid 6644] rt_sigprocmask(SIG_SETMASK, [], [pid 6642] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6644] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6644] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] <... futex resumed>) = 0 [pid 6644] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] exit_group(0 [pid 6644] <... futex resumed>) = ? [pid 6643] <... futex resumed>) = ? [pid 6642] <... exit_group resumed>) = ? [pid 6644] +++ exited with 0 +++ [pid 6643] +++ exited with 0 +++ [pid 6642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6642, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./532/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./532/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./532/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/bus") = 0 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./532/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6645 attached , child_tidptr=0x5555564f6750) = 6645 [pid 6645] set_robust_list(0x5555564f6760, 24) = 0 [pid 6645] chdir("./533") = 0 [pid 6645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6645] setpgid(0, 0) = 0 [pid 6645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6645] write(3, "1000", 4) = 4 [pid 6645] close(3) = 0 [pid 6645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6645] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6646 attached [pid 6646] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6645] <... clone3 resumed> => {parent_tid=[6646]}, 88) = 6646 [pid 6646] <... rseq resumed>) = 0 [pid 6646] set_robust_list(0x7f6d468e79a0, 24 [pid 6645] rt_sigprocmask(SIG_SETMASK, [], [pid 6646] <... set_robust_list resumed>) = 0 [pid 6645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6646] rt_sigprocmask(SIG_SETMASK, [], [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6645] <... futex resumed>) = 0 [pid 6646] memfd_create("syzkaller", 0 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] <... memfd_create resumed>) = 3 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6646] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6646] close(3) = 0 [pid 6646] mkdir("./bus", 0777) = 0 [pid 6646] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6646] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6646] chdir("./bus") = 0 [pid 6646] ioctl(4, LOOP_CLR_FD) = 0 [pid 6646] close(4) = 0 [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] <... futex resumed>) = 0 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6646] memfd_create("syzkaller", 0) = 4 [pid 6646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6646] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6646] munmap(0x7f6d360cf000, 32768) = 0 [pid 6646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6646] ioctl(5, LOOP_CLR_FD) = 0 [pid 6646] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6646] close(5) = 0 [pid 6646] close(4) = 0 [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6646] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... openat resumed>) = 4 [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6646] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] <... write resumed>) = 12288 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6646] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... mmap resumed>) = 0x20000000 [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... futex resumed>) = 1 [pid 6646] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 150.649787][ T6646] loop0: detected capacity change from 0 to 64 [pid 6646] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] <... futex resumed>) = 0 [pid 6645] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6645] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6646] <... futex resumed>) = 1 [pid 6645] <... mprotect resumed>) = 0 [pid 6645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6647 attached [pid 6646] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6645] <... clone3 resumed> => {parent_tid=[6647]}, 88) = 6647 [pid 6647] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6645] rt_sigprocmask(SIG_SETMASK, [], [pid 6647] <... rseq resumed>) = 0 [pid 6645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6647] set_robust_list(0x7f6d360d69a0, 24 [pid 6645] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... set_robust_list resumed>) = 0 [pid 6645] <... futex resumed>) = 0 [pid 6647] rt_sigprocmask(SIG_SETMASK, [], [pid 6645] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6647] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6646] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6647] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6647] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6647] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] <... futex resumed>) = 0 [pid 6646] <... openat resumed>) = 6 [pid 6646] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6645] exit_group(0 [pid 6647] <... futex resumed>) = ? [pid 6646] <... futex resumed>) = ? [pid 6645] <... exit_group resumed>) = ? [pid 6646] +++ exited with 0 +++ [pid 6647] +++ exited with 0 +++ [pid 6645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6645, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./533/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./533/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./533/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/bus") = 0 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./533/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6648 attached , child_tidptr=0x5555564f6750) = 6648 [pid 6648] set_robust_list(0x5555564f6760, 24) = 0 [pid 6648] chdir("./534") = 0 [pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6648] setpgid(0, 0) = 0 [pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6648] write(3, "1000", 4) = 4 [pid 6648] close(3) = 0 [pid 6648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6648] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6649 attached [pid 6649] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6649] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6649] rt_sigprocmask(SIG_SETMASK, [], [pid 6648] <... clone3 resumed> => {parent_tid=[6649]}, 88) = 6649 [pid 6649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 6649] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6649] memfd_create("syzkaller", 0 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] <... memfd_create resumed>) = 3 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6649] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6649] close(3) = 0 [pid 6649] mkdir("./bus", 0777) = 0 [pid 6649] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6649] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6649] chdir("./bus") = 0 [pid 6649] ioctl(4, LOOP_CLR_FD) = 0 [pid 6649] close(4) = 0 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] memfd_create("syzkaller", 0 [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... memfd_create resumed>) = 4 [pid 6648] <... futex resumed>) = 0 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] <... mmap resumed>) = 0x7f6d360cf000 [pid 6649] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6649] munmap(0x7f6d360cf000, 32768) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6649] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6649] ioctl(5, LOOP_CLR_FD) = 0 [pid 6649] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6649] close(5) = 0 [pid 6649] close(4) = 0 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6649] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... openat resumed>) = 4 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = 0 [pid 6649] <... futex resumed>) = 1 [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... write resumed>) = 12288 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... mmap resumed>) = 0x20000000 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6649] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6649] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6649] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6648] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6649] <... openat resumed>) = 6 [pid 6649] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... mprotect resumed>) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6649] <... futex resumed>) = 0 [pid 6649] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6650 attached [pid 6650] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6648] <... clone3 resumed> => {parent_tid=[6650]}, 88) = 6650 [pid 6650] <... rseq resumed>) = 0 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 6650] set_robust_list(0x7f6d360d69a0, 24 [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6650] <... set_robust_list resumed>) = 0 [pid 6648] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] rt_sigprocmask(SIG_SETMASK, [], [pid 6648] <... futex resumed>) = 0 [pid 6650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6650] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6650] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6650] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] exit_group(0 [pid 6650] <... futex resumed>) = ? [pid 6649] <... futex resumed>) = ? [pid 6650] +++ exited with 0 +++ [pid 6649] +++ exited with 0 +++ [ 150.772220][ T6649] loop0: detected capacity change from 0 to 64 [pid 6648] <... exit_group resumed>) = ? [pid 6648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6648, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./534/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./534/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./534/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/bus") = 0 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./534/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6651 attached , child_tidptr=0x5555564f6750) = 6651 [pid 6651] set_robust_list(0x5555564f6760, 24) = 0 [pid 6651] chdir("./535") = 0 [pid 6651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6651] setpgid(0, 0) = 0 [pid 6651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6651] write(3, "1000", 4) = 4 [pid 6651] close(3) = 0 [pid 6651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6651] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6652 attached => {parent_tid=[6652]}, 88) = 6652 [pid 6651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6651] <... futex resumed>) = 0 [pid 6652] <... rseq resumed>) = 0 [pid 6652] set_robust_list(0x7f6d468e79a0, 24 [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6652] <... set_robust_list resumed>) = 0 [pid 6652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6652] memfd_create("syzkaller", 0) = 3 [pid 6652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6652] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6652] close(3) = 0 [pid 6652] mkdir("./bus", 0777) = 0 [pid 6652] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6652] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6652] chdir("./bus") = 0 [pid 6652] ioctl(4, LOOP_CLR_FD) = 0 [pid 6652] close(4) = 0 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6651] <... futex resumed>) = 0 [pid 6652] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] memfd_create("syzkaller", 0 [pid 6651] <... futex resumed>) = 0 [pid 6652] <... memfd_create resumed>) = 4 [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6652] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6652] munmap(0x7f6d360cf000, 32768) = 0 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6652] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6652] ioctl(5, LOOP_CLR_FD) = 0 [pid 6652] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6652] close(5) = 0 [pid 6652] close(4) = 0 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 1 [pid 6652] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [ 150.900767][ T6652] loop0: detected capacity change from 0 to 64 [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] <... futex resumed>) = 1 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... futex resumed>) = 1 [pid 6652] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] <... futex resumed>) = 1 [pid 6651] <... futex resumed>) = 0 [pid 6652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6651] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] <... futex resumed>) = 1 [pid 6651] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6652] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6651] <... futex resumed>) = 0 [pid 6651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6652] <... openat resumed>) = 6 [pid 6652] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6651] <... mmap resumed>) = 0x7f6d360b6000 [pid 6651] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6653 attached => {parent_tid=[6653]}, 88) = 6653 [pid 6653] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6651] rt_sigprocmask(SIG_SETMASK, [], [pid 6653] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6651] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6653] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6653] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6653] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6651] <... futex resumed>) = 0 [pid 6651] exit_group(0 [pid 6652] <... futex resumed>) = ? [pid 6652] +++ exited with 0 +++ [pid 6651] <... exit_group resumed>) = ? [pid 6653] +++ exited with 0 +++ [pid 6651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6651, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./535/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./535/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./535/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/bus") = 0 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./535/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6654 attached , child_tidptr=0x5555564f6750) = 6654 [pid 6654] set_robust_list(0x5555564f6760, 24) = 0 [pid 6654] chdir("./536") = 0 [pid 6654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6654] setpgid(0, 0) = 0 [pid 6654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6654] write(3, "1000", 4) = 4 [pid 6654] close(3) = 0 [pid 6654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6654] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6654] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6655 attached [pid 6655] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6654] <... clone3 resumed> => {parent_tid=[6655]}, 88) = 6655 [pid 6655] set_robust_list(0x7f6d468e79a0, 24 [pid 6654] rt_sigprocmask(SIG_SETMASK, [], [pid 6655] <... set_robust_list resumed>) = 0 [pid 6654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6655] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] <... futex resumed>) = 0 [pid 6655] memfd_create("syzkaller", 0 [pid 6654] <... futex resumed>) = 1 [pid 6655] <... memfd_create resumed>) = 3 [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6655] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6655] close(3) = 0 [pid 6655] mkdir("./bus", 0777) = 0 [pid 6655] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6655] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6655] chdir("./bus") = 0 [pid 6655] ioctl(4, LOOP_CLR_FD) = 0 [pid 6655] close(4) = 0 [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6655] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6655] <... futex resumed>) = 0 [pid 6655] memfd_create("syzkaller", 0) = 4 [pid 6655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6655] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6655] munmap(0x7f6d360cf000, 32768) = 0 [pid 6655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6655] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6655] ioctl(5, LOOP_CLR_FD) = 0 [pid 6655] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6655] close(5) = 0 [pid 6655] close(4) = 0 [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = 0 [pid 6655] <... futex resumed>) = 1 [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6654] <... futex resumed>) = 0 [pid 6655] <... openat resumed>) = 4 [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6655] <... futex resumed>) = 0 [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6654] <... futex resumed>) = 0 [pid 6655] <... write resumed>) = 12288 [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6655] <... futex resumed>) = 0 [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6654] <... futex resumed>) = 0 [pid 6655] <... mmap resumed>) = 0x20000000 [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6654] <... futex resumed>) = 0 [pid 6655] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6654] <... futex resumed>) = 0 [pid 6655] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6654] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.044403][ T6655] loop0: detected capacity change from 0 to 64 [pid 6655] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6654] <... futex resumed>) = 0 [pid 6655] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6654] <... futex resumed>) = 0 [pid 6654] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6655] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6654] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6655] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6654] <... mprotect resumed>) = 0 [pid 6654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6655] <... openat resumed>) = 6 ./strace-static-x86_64: Process 6656 attached [pid 6654] <... clone3 resumed> => {parent_tid=[6656]}, 88) = 6656 [pid 6654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6654] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6656] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6655] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] set_robust_list(0x7f6d360d69a0, 24 [pid 6655] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6656] <... set_robust_list resumed>) = 0 [pid 6656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6656] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6656] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6654] <... futex resumed>) = 0 [pid 6656] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] exit_group(0) = ? [pid 6655] <... futex resumed>) = ? [pid 6655] +++ exited with 0 +++ [pid 6656] <... futex resumed>) = ? [pid 6656] +++ exited with 0 +++ [pid 6654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6654, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./536/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./536/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./536/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/bus") = 0 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./536/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6657 attached , child_tidptr=0x5555564f6750) = 6657 [pid 6657] set_robust_list(0x5555564f6760, 24) = 0 [pid 6657] chdir("./537") = 0 [pid 6657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6657] setpgid(0, 0) = 0 [pid 6657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6657] write(3, "1000", 4) = 4 [pid 6657] close(3) = 0 [pid 6657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6657] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6658 attached [pid 6658] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6657] <... clone3 resumed> => {parent_tid=[6658]}, 88) = 6658 [pid 6658] <... rseq resumed>) = 0 [pid 6657] rt_sigprocmask(SIG_SETMASK, [], [pid 6658] set_robust_list(0x7f6d468e79a0, 24 [pid 6657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6658] <... set_robust_list resumed>) = 0 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6657] <... futex resumed>) = 0 [pid 6658] memfd_create("syzkaller", 0 [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6658] <... memfd_create resumed>) = 3 [pid 6658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6658] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6658] close(3) = 0 [pid 6658] mkdir("./bus", 0777) = 0 [pid 6658] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6658] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6658] chdir("./bus") = 0 [pid 6658] ioctl(4, LOOP_CLR_FD) = 0 [pid 6658] close(4) = 0 [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6658] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6658] <... futex resumed>) = 0 [pid 6657] <... futex resumed>) = 1 [pid 6658] memfd_create("syzkaller", 0) = 4 [pid 6658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6658] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6658] munmap(0x7f6d360cf000, 32768) = 0 [pid 6658] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6658] <... openat resumed>) = 5 [pid 6658] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6658] ioctl(5, LOOP_CLR_FD) = 0 [pid 6658] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6658] close(5) = 0 [pid 6658] close(4) = 0 [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6658] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6658] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] <... futex resumed>) = 0 [pid 6658] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6658] <... write resumed>) = 12288 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6658] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 151.168698][ T6658] loop0: detected capacity change from 0 to 64 [pid 6657] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6658] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6658] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6657] <... futex resumed>) = 0 [pid 6658] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6657] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6658] <... openat resumed>) = 6 [pid 6657] <... futex resumed>) = 0 [pid 6658] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6658] <... futex resumed>) = 0 [pid 6658] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] <... mmap resumed>) = 0x7f6d360b6000 [pid 6657] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6659 attached [pid 6659] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6657] <... clone3 resumed> => {parent_tid=[6659]}, 88) = 6659 [pid 6659] <... rseq resumed>) = 0 [pid 6657] rt_sigprocmask(SIG_SETMASK, [], [pid 6659] set_robust_list(0x7f6d360d69a0, 24 [pid 6657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6659] <... set_robust_list resumed>) = 0 [pid 6657] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6657] <... futex resumed>) = 0 [pid 6659] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6657] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6659] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6659] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6657] <... futex resumed>) = 0 [pid 6659] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6657] exit_group(0 [pid 6658] <... futex resumed>) = ? [pid 6659] <... futex resumed>) = ? [pid 6657] <... exit_group resumed>) = ? [pid 6658] +++ exited with 0 +++ [pid 6659] +++ exited with 0 +++ [pid 6657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6657, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./537/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./537/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./537/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/bus") = 0 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./537/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6660 attached , child_tidptr=0x5555564f6750) = 6660 [pid 6660] set_robust_list(0x5555564f6760, 24) = 0 [pid 6660] chdir("./538") = 0 [pid 6660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6660] setpgid(0, 0) = 0 [pid 6660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6660] write(3, "1000", 4) = 4 [pid 6660] close(3) = 0 [pid 6660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6660] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6661 attached [pid 6661] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6660] <... clone3 resumed> => {parent_tid=[6661]}, 88) = 6661 [pid 6661] <... rseq resumed>) = 0 [pid 6660] rt_sigprocmask(SIG_SETMASK, [], [pid 6661] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6661] rt_sigprocmask(SIG_SETMASK, [], [pid 6660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6661] memfd_create("syzkaller", 0 [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] <... memfd_create resumed>) = 3 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6661] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6661] close(3) = 0 [pid 6661] mkdir("./bus", 0777) = 0 [pid 6661] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6661] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6661] chdir("./bus") = 0 [pid 6661] ioctl(4, LOOP_CLR_FD) = 0 [pid 6661] close(4) = 0 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] memfd_create("syzkaller", 0) = 4 [pid 6661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6661] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6661] munmap(0x7f6d360cf000, 32768) = 0 [pid 6661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6661] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6661] ioctl(5, LOOP_CLR_FD) = 0 [pid 6661] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6661] close(5) = 0 [pid 6661] close(4) = 0 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] <... futex resumed>) = 1 [pid 6661] <... futex resumed>) = 0 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] <... futex resumed>) = 0 [pid 6660] <... futex resumed>) = 1 [pid 6661] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... write resumed>) = 12288 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] <... futex resumed>) = 0 [pid 6661] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6660] <... futex resumed>) = 0 [pid 6661] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... mmap resumed>) = 0x20000000 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] <... futex resumed>) = 0 [pid 6661] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6660] <... futex resumed>) = 0 [pid 6661] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6660] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... openat resumed>) = 5 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6660] <... futex resumed>) = 0 [pid 6661] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6660] <... futex resumed>) = 0 [pid 6661] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6660] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6660] <... futex resumed>) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6661] <... openat resumed>) = 6 [pid 6661] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] <... mmap resumed>) = 0x7f6d360b6000 [pid 6661] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6662 attached [ 151.318108][ T6661] loop0: detected capacity change from 0 to 64 [pid 6662] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6660] <... clone3 resumed> => {parent_tid=[6662]}, 88) = 6662 [pid 6662] set_robust_list(0x7f6d360d69a0, 24 [pid 6660] rt_sigprocmask(SIG_SETMASK, [], [pid 6662] <... set_robust_list resumed>) = 0 [pid 6660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6662] rt_sigprocmask(SIG_SETMASK, [], [pid 6660] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6660] <... futex resumed>) = 0 [pid 6662] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6660] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6662] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6662] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] <... futex resumed>) = 0 [pid 6660] exit_group(0 [pid 6662] <... futex resumed>) = ? [pid 6662] +++ exited with 0 +++ [pid 6660] <... exit_group resumed>) = ? [pid 6661] <... futex resumed>) = ? [pid 6661] +++ exited with 0 +++ [pid 6660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6660, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./538/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./538/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./538/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./538/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./538/bus") = 0 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./538/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6663 attached , child_tidptr=0x5555564f6750) = 6663 [pid 6663] set_robust_list(0x5555564f6760, 24) = 0 [pid 6663] chdir("./539") = 0 [pid 6663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6663] setpgid(0, 0) = 0 [pid 6663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6663] write(3, "1000", 4) = 4 [pid 6663] close(3) = 0 [pid 6663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6663] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6664 attached [pid 6664] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6663] <... clone3 resumed> => {parent_tid=[6664]}, 88) = 6664 [pid 6664] <... rseq resumed>) = 0 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], [pid 6664] set_robust_list(0x7f6d468e79a0, 24 [pid 6663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6664] <... set_robust_list resumed>) = 0 [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] rt_sigprocmask(SIG_SETMASK, [], [pid 6663] <... futex resumed>) = 0 [pid 6664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6664] memfd_create("syzkaller", 0) = 3 [pid 6664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6664] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6664] close(3) = 0 [pid 6664] mkdir("./bus", 0777) = 0 [pid 6664] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6664] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6664] chdir("./bus") = 0 [pid 6664] ioctl(4, LOOP_CLR_FD) = 0 [pid 6664] close(4) = 0 [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6664] memfd_create("syzkaller", 0) = 4 [pid 6664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6664] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6664] munmap(0x7f6d360cf000, 32768) = 0 [pid 6664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6664] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6664] ioctl(5, LOOP_CLR_FD) = 0 [pid 6664] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6664] close(5) = 0 [pid 6664] close(4) = 0 [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6664] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6663] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6664] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6664] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6664] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6663] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... openat resumed>) = 6 [pid 6663] <... futex resumed>) = 0 [ 151.430103][ T6664] loop0: detected capacity change from 0 to 64 [pid 6664] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6664] <... futex resumed>) = 0 [pid 6664] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] <... mmap resumed>) = 0x7f6d360b6000 [pid 6663] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6665 attached [pid 6665] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6663] <... clone3 resumed> => {parent_tid=[6665]}, 88) = 6665 [pid 6665] <... rseq resumed>) = 0 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], [pid 6665] set_robust_list(0x7f6d360d69a0, 24 [pid 6663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6665] <... set_robust_list resumed>) = 0 [pid 6663] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], [pid 6663] <... futex resumed>) = 0 [pid 6665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6665] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6665] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6665] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] exit_group(0 [pid 6665] <... futex resumed>) = ? [pid 6664] <... futex resumed>) = ? [pid 6663] <... exit_group resumed>) = ? [pid 6665] +++ exited with 0 +++ [pid 6664] +++ exited with 0 +++ [pid 6663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6663, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./539/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./539/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./539/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/bus") = 0 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./539/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6666 attached , child_tidptr=0x5555564f6750) = 6666 [pid 6666] set_robust_list(0x5555564f6760, 24) = 0 [pid 6666] chdir("./540") = 0 [pid 6666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6666] setpgid(0, 0) = 0 [pid 6666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6666] write(3, "1000", 4) = 4 [pid 6666] close(3) = 0 [pid 6666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6666] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6667]}, 88) = 6667 [pid 6666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6667 attached [pid 6667] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6667] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6667] memfd_create("syzkaller", 0) = 3 [pid 6667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6667] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6667] close(3) = 0 [pid 6667] mkdir("./bus", 0777) = 0 [pid 6667] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6667] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6667] chdir("./bus") = 0 [pid 6667] ioctl(4, LOOP_CLR_FD) = 0 [pid 6667] close(4) = 0 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6667] <... futex resumed>) = 0 [pid 6667] memfd_create("syzkaller", 0) = 4 [pid 6667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6667] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6667] munmap(0x7f6d360cf000, 32768) = 0 [pid 6667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6667] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6667] ioctl(5, LOOP_CLR_FD) = 0 [pid 6667] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6667] close(5) = 0 [pid 6667] close(4) = 0 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6666] <... futex resumed>) = 0 [pid 6667] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... write resumed>) = 12288 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6667] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... mmap resumed>) = 0x20000000 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6667] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] <... futex resumed>) = 0 [pid 6666] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6666] <... futex resumed>) = 0 [pid 6667] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6667] <... openat resumed>) = 6 [pid 6667] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... mmap resumed>) = 0x7f6d360b6000 [pid 6667] <... futex resumed>) = 0 [pid 6666] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6667] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... mprotect resumed>) = 0 [pid 6666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 151.553264][ T6667] loop0: detected capacity change from 0 to 64 [pid 6666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6668 attached [pid 6668] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6666] <... clone3 resumed> => {parent_tid=[6668]}, 88) = 6668 [pid 6668] <... rseq resumed>) = 0 [pid 6666] rt_sigprocmask(SIG_SETMASK, [], [pid 6668] set_robust_list(0x7f6d360d69a0, 24 [pid 6666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6668] <... set_robust_list resumed>) = 0 [pid 6666] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] rt_sigprocmask(SIG_SETMASK, [], [pid 6666] <... futex resumed>) = 0 [pid 6668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6668] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6668] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6668] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] exit_group(0 [pid 6668] <... futex resumed>) = ? [pid 6667] <... futex resumed>) = ? [pid 6666] <... exit_group resumed>) = ? [pid 6668] +++ exited with 0 +++ [pid 6667] +++ exited with 0 +++ [pid 6666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6666, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./540/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./540/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./540/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/bus") = 0 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./540/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6669 attached , child_tidptr=0x5555564f6750) = 6669 [pid 6669] set_robust_list(0x5555564f6760, 24) = 0 [pid 6669] chdir("./541") = 0 [pid 6669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6669] setpgid(0, 0) = 0 [pid 6669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6669] write(3, "1000", 4) = 4 [pid 6669] close(3) = 0 [pid 6669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6669] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6670 attached [pid 6670] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6669] <... clone3 resumed> => {parent_tid=[6670]}, 88) = 6670 [pid 6670] set_robust_list(0x7f6d468e79a0, 24 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], [pid 6670] <... set_robust_list resumed>) = 0 [pid 6669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] <... futex resumed>) = 0 [pid 6670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6670] memfd_create("syzkaller", 0 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6670] <... memfd_create resumed>) = 3 [pid 6670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6670] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6670] close(3) = 0 [pid 6670] mkdir("./bus", 0777) = 0 [pid 6670] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6670] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6670] chdir("./bus") = 0 [pid 6670] ioctl(4, LOOP_CLR_FD) = 0 [pid 6670] close(4) = 0 [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... futex resumed>) = 1 [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] memfd_create("syzkaller", 0 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... memfd_create resumed>) = 4 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6670] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6670] munmap(0x7f6d360cf000, 32768) = 0 [pid 6670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6670] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6670] ioctl(5, LOOP_CLR_FD) = 0 [pid 6670] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6670] close(5) = 0 [pid 6670] close(4) = 0 [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... openat resumed>) = 4 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... futex resumed>) = 1 [pid 6670] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... futex resumed>) = 1 [pid 6670] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6669] <... futex resumed>) = 0 [pid 6670] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6669] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... openat resumed>) = 5 [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6670] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6670] <... futex resumed>) = 0 [pid 6669] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6669] <... futex resumed>) = 0 [ 151.689757][ T6670] loop0: detected capacity change from 0 to 64 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6669] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6670] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6669] <... mprotect resumed>) = 0 [pid 6670] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6671 attached => {parent_tid=[6671]}, 88) = 6671 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6669] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6671] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6671] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6671] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6671] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6669] exit_group(0 [pid 6670] <... futex resumed>) = ? [pid 6669] <... exit_group resumed>) = ? [pid 6670] +++ exited with 0 +++ [pid 6671] <... futex resumed>) = ? [pid 6671] +++ exited with 0 +++ [pid 6669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6669, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./541/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./541/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./541/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/bus") = 0 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./541/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6672 attached [pid 6672] set_robust_list(0x5555564f6760, 24) = 0 [pid 6672] chdir("./542") = 0 [pid 6672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6672] setpgid(0, 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6672 [pid 6672] <... setpgid resumed>) = 0 [pid 6672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6672] write(3, "1000", 4) = 4 [pid 6672] close(3) = 0 [pid 6672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6672] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6673 attached [pid 6673] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6672] <... clone3 resumed> => {parent_tid=[6673]}, 88) = 6673 [pid 6673] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6673] rt_sigprocmask(SIG_SETMASK, [], [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6672] <... futex resumed>) = 0 [pid 6673] memfd_create("syzkaller", 0 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6673] <... memfd_create resumed>) = 3 [pid 6673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6673] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6673] close(3) = 0 [pid 6673] mkdir("./bus", 0777) = 0 [pid 6673] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6673] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6673] chdir("./bus") = 0 [pid 6673] ioctl(4, LOOP_CLR_FD) = 0 [pid 6673] close(4) = 0 [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6673] <... futex resumed>) = 1 [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] memfd_create("syzkaller", 0 [pid 6672] <... futex resumed>) = 0 [pid 6673] <... memfd_create resumed>) = 4 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6673] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6673] munmap(0x7f6d360cf000, 32768) = 0 [pid 6673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6673] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6673] ioctl(5, LOOP_CLR_FD) = 0 [pid 6673] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6673] close(5) = 0 [pid 6673] close(4) = 0 [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6672] <... futex resumed>) = 0 [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6672] <... futex resumed>) = 0 [pid 6673] <... openat resumed>) = 4 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6673] <... futex resumed>) = 1 [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... write resumed>) = 12288 [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6673] <... futex resumed>) = 1 [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6673] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... mmap resumed>) = 0x20000000 [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [pid 6673] <... futex resumed>) = 1 [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6672] <... futex resumed>) = 0 [pid 6673] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6672] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6673] <... openat resumed>) = 5 [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6672] <... futex resumed>) = 0 [pid 6673] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6672] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6672] <... futex resumed>) = 0 [pid 6672] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6673] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6672] <... futex resumed>) = 0 [pid 6672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6672] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6673] <... openat resumed>) = 6 [pid 6672] <... mprotect resumed>) = 0 [pid 6673] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6673] <... futex resumed>) = 0 [pid 6673] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6674 attached [pid 6674] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6672] <... clone3 resumed> => {parent_tid=[6674]}, 88) = 6674 [pid 6674] <... rseq resumed>) = 0 [pid 6674] set_robust_list(0x7f6d360d69a0, 24 [pid 6672] rt_sigprocmask(SIG_SETMASK, [], [pid 6674] <... set_robust_list resumed>) = 0 [pid 6672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6674] rt_sigprocmask(SIG_SETMASK, [], [pid 6672] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6672] <... futex resumed>) = 0 [pid 6674] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6672] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6674] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6674] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6672] <... futex resumed>) = 0 [ 151.831735][ T6673] loop0: detected capacity change from 0 to 64 [pid 6674] <... futex resumed>) = 1 [pid 6674] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6672] exit_group(0 [pid 6674] <... futex resumed>) = ? [pid 6673] <... futex resumed>) = ? [pid 6674] +++ exited with 0 +++ [pid 6672] <... exit_group resumed>) = ? [pid 6673] +++ exited with 0 +++ [pid 6672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6672, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./542/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./542/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./542/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./542/bus") = 0 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./542/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6675 attached , child_tidptr=0x5555564f6750) = 6675 [pid 6675] set_robust_list(0x5555564f6760, 24) = 0 [pid 6675] chdir("./543") = 0 [pid 6675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6675] setpgid(0, 0) = 0 [pid 6675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6675] write(3, "1000", 4) = 4 [pid 6675] close(3) = 0 [pid 6675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6675] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6676 attached => {parent_tid=[6676]}, 88) = 6676 [pid 6676] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6676] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6676] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] <... futex resumed>) = 0 [pid 6676] memfd_create("syzkaller", 0) = 3 [pid 6676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6675] <... futex resumed>) = 1 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6676] <... write resumed>) = 32768 [pid 6676] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6676] close(3) = 0 [pid 6676] mkdir("./bus", 0777) = 0 [pid 6676] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6676] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6676] chdir("./bus") = 0 [pid 6676] ioctl(4, LOOP_CLR_FD) = 0 [pid 6676] close(4) = 0 [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6676] memfd_create("syzkaller", 0) = 4 [pid 6676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6676] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6676] munmap(0x7f6d360cf000, 32768) = 0 [pid 6676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6676] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6676] ioctl(5, LOOP_CLR_FD) = 0 [pid 6676] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6676] close(5) = 0 [pid 6676] close(4) = 0 [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6676] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6676] <... futex resumed>) = 0 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6676] <... futex resumed>) = 1 [pid 6676] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6675] <... futex resumed>) = 0 [pid 6676] <... write resumed>) = 12288 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... futex resumed>) = 1 [pid 6676] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.980310][ T6676] loop0: detected capacity change from 0 to 64 [pid 6676] <... futex resumed>) = 1 [pid 6675] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6676] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6675] <... futex resumed>) = 0 [pid 6676] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6675] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6675] <... futex resumed>) = 0 [pid 6676] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6675] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6675] <... futex resumed>) = 0 [pid 6675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6675] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6676] <... openat resumed>) = 6 [pid 6676] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6675] <... mprotect resumed>) = 0 [pid 6675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6677 attached [pid 6677] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6675] <... clone3 resumed> => {parent_tid=[6677]}, 88) = 6677 [pid 6677] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6675] rt_sigprocmask(SIG_SETMASK, [], [pid 6677] rt_sigprocmask(SIG_SETMASK, [], [pid 6675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6675] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6675] <... futex resumed>) = 0 [pid 6675] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6677] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6677] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6675] <... futex resumed>) = 0 [pid 6677] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6675] exit_group(0) = ? [pid 6676] <... futex resumed>) = ? [pid 6677] <... futex resumed>) = ? [pid 6677] +++ exited with 0 +++ [pid 6676] +++ exited with 0 +++ [pid 6675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6675, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./543/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./543/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./543/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./543/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./543/bus") = 0 umount2("./543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./543/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6678 attached , child_tidptr=0x5555564f6750) = 6678 [pid 6678] set_robust_list(0x5555564f6760, 24) = 0 [pid 6678] chdir("./544") = 0 [pid 6678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6678] setpgid(0, 0) = 0 [pid 6678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6678] write(3, "1000", 4) = 4 [pid 6678] close(3) = 0 [pid 6678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6678] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6678] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6678] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6678] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6679]}, 88) = 6679 [pid 6678] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6679 attached [pid 6679] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6679] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6679] memfd_create("syzkaller", 0) = 3 [pid 6679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6679] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6679] close(3) = 0 [pid 6679] mkdir("./bus", 0777) = 0 [pid 6679] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6679] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6679] chdir("./bus") = 0 [pid 6679] ioctl(4, LOOP_CLR_FD) = 0 [pid 6679] close(4) = 0 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6679] <... futex resumed>) = 1 [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] memfd_create("syzkaller", 0 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6679] <... memfd_create resumed>) = 4 [pid 6679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6679] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6679] munmap(0x7f6d360cf000, 32768) = 0 [pid 6679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6679] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6679] ioctl(5, LOOP_CLR_FD) = 0 [pid 6679] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6679] close(5) = 0 [pid 6679] close(4) = 0 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6679] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] <... futex resumed>) = 0 [pid 6678] <... futex resumed>) = 1 [pid 6679] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... openat resumed>) = 4 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] <... futex resumed>) = 1 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... futex resumed>) = 1 [pid 6679] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6679] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6678] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] <... futex resumed>) = 0 [pid 6679] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6678] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6678] <... futex resumed>) = 0 [pid 6679] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6679] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] <... mmap resumed>) = 0x7f6d360b6000 [pid 6679] <... futex resumed>) = 0 [pid 6678] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6679] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6678] <... mprotect resumed>) = 0 [pid 6678] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 152.137423][ T6679] loop0: detected capacity change from 0 to 64 [pid 6678] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6680 attached => {parent_tid=[6680]}, 88) = 6680 [pid 6680] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6678] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6678] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6678] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6680] <... rseq resumed>) = 0 [pid 6680] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6680] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6680] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] <... futex resumed>) = 0 [pid 6678] exit_group(0 [pid 6680] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6679] <... futex resumed>) = ? [pid 6679] +++ exited with 0 +++ [pid 6680] +++ exited with 0 +++ [pid 6678] <... exit_group resumed>) = ? [pid 6678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6678, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./544/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./544/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./544/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./544/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./544/bus") = 0 umount2("./544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./544/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6681 attached , child_tidptr=0x5555564f6750) = 6681 [pid 6681] set_robust_list(0x5555564f6760, 24) = 0 [pid 6681] chdir("./545") = 0 [pid 6681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6681] setpgid(0, 0) = 0 [pid 6681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6681] write(3, "1000", 4) = 4 [pid 6681] close(3) = 0 [pid 6681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6681] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6681] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6682 attached [pid 6682] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6681] <... clone3 resumed> => {parent_tid=[6682]}, 88) = 6682 [pid 6682] <... rseq resumed>) = 0 [pid 6681] rt_sigprocmask(SIG_SETMASK, [], [pid 6682] set_robust_list(0x7f6d468e79a0, 24 [pid 6681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6682] <... set_robust_list resumed>) = 0 [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6681] <... futex resumed>) = 0 [pid 6682] memfd_create("syzkaller", 0 [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6682] <... memfd_create resumed>) = 3 [pid 6682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6682] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6682] close(3) = 0 [pid 6682] mkdir("./bus", 0777) = 0 [pid 6682] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6682] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6682] chdir("./bus") = 0 [pid 6682] ioctl(4, LOOP_CLR_FD) = 0 [pid 6682] close(4) = 0 [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] memfd_create("syzkaller", 0 [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] <... memfd_create resumed>) = 4 [pid 6681] <... futex resumed>) = 0 [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6682] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6682] munmap(0x7f6d360cf000, 32768) = 0 [pid 6682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6682] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6682] ioctl(5, LOOP_CLR_FD) = 0 [pid 6682] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6682] close(5) = 0 [pid 6682] close(4) = 0 [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6682] <... futex resumed>) = 0 [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] <... write resumed>) = 12288 [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] <... mmap resumed>) = 0x20000000 [pid 6681] <... futex resumed>) = 0 [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6682] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6682] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6682] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6681] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6681] <... futex resumed>) = 0 [pid 6682] <... openat resumed>) = 6 [pid 6681] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... futex resumed>) = 0 [pid 6682] <... futex resumed>) = 0 [pid 6681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6682] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] <... mmap resumed>) = 0x7f6d360b6000 [pid 6681] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6683 attached [pid 6683] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6683] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] <... clone3 resumed> => {parent_tid=[6683]}, 88) = 6683 [pid 6681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6681] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] <... futex resumed>) = 0 [pid 6681] <... futex resumed>) = 1 [pid 6683] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6681] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6683] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6683] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] exit_group(0 [pid 6683] <... futex resumed>) = ? [pid 6682] <... futex resumed>) = ? [pid 6681] <... exit_group resumed>) = ? [pid 6683] +++ exited with 0 +++ [ 152.255577][ T6682] loop0: detected capacity change from 0 to 64 [pid 6682] +++ exited with 0 +++ [pid 6681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6681, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./545/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./545/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./545/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./545/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./545/bus") = 0 umount2("./545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./545/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6684 attached , child_tidptr=0x5555564f6750) = 6684 [pid 6684] set_robust_list(0x5555564f6760, 24) = 0 [pid 6684] chdir("./546") = 0 [pid 6684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6684] setpgid(0, 0) = 0 [pid 6684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6684] write(3, "1000", 4) = 4 [pid 6684] close(3) = 0 [pid 6684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6684] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6684] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6685]}, 88) = 6685 [pid 6684] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6685 attached [pid 6685] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6685] set_robust_list(0x7f6d468e79a0, 24 [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] <... set_robust_list resumed>) = 0 [pid 6685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6685] memfd_create("syzkaller", 0) = 3 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6685] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6685] close(3) = 0 [pid 6685] mkdir("./bus", 0777) = 0 [pid 6685] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6685] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6685] chdir("./bus") = 0 [pid 6685] ioctl(4, LOOP_CLR_FD) = 0 [pid 6685] close(4) = 0 [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6685] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] memfd_create("syzkaller", 0) = 4 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6685] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6685] munmap(0x7f6d360cf000, 32768) = 0 [pid 6685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6685] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6685] ioctl(5, LOOP_CLR_FD) = 0 [pid 6685] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6685] close(5) = 0 [pid 6685] close(4) = 0 [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... futex resumed>) = 0 [pid 6685] <... futex resumed>) = 1 [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6684] <... futex resumed>) = 0 [pid 6685] <... openat resumed>) = 4 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [ 152.391580][ T6685] loop0: detected capacity change from 0 to 64 [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6684] <... futex resumed>) = 0 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] <... write resumed>) = 12288 [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6685] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6684] <... futex resumed>) = 0 [pid 6685] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] <... mmap resumed>) = 0x20000000 [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6685] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = 0 [pid 6684] <... futex resumed>) = 1 [pid 6685] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6685] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6684] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] <... openat resumed>) = 5 [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6685] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6684] <... futex resumed>) = 0 [pid 6685] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6684] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6684] <... futex resumed>) = 0 [pid 6685] <... openat resumed>) = 6 [pid 6684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6685] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] <... mmap resumed>) = 0x7f6d360b6000 [pid 6685] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6686 attached [pid 6686] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6684] <... clone3 resumed> => {parent_tid=[6686]}, 88) = 6686 [pid 6686] <... rseq resumed>) = 0 [pid 6684] rt_sigprocmask(SIG_SETMASK, [], [pid 6686] set_robust_list(0x7f6d360d69a0, 24 [pid 6684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6686] <... set_robust_list resumed>) = 0 [pid 6684] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] rt_sigprocmask(SIG_SETMASK, [], [pid 6684] <... futex resumed>) = 0 [pid 6686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6684] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6686] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6686] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] <... futex resumed>) = 0 [pid 6686] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] exit_group(0 [pid 6686] <... futex resumed>) = ? [pid 6685] <... futex resumed>) = ? [pid 6684] <... exit_group resumed>) = ? [pid 6686] +++ exited with 0 +++ [pid 6685] +++ exited with 0 +++ [pid 6684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6684, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./546/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./546/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./546/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./546/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./546/bus") = 0 umount2("./546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./546/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6687 attached , child_tidptr=0x5555564f6750) = 6687 [pid 6687] set_robust_list(0x5555564f6760, 24) = 0 [pid 6687] chdir("./547") = 0 [pid 6687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6687] setpgid(0, 0) = 0 [pid 6687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6687] write(3, "1000", 4) = 4 [pid 6687] close(3) = 0 [pid 6687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6687] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6688 attached => {parent_tid=[6688]}, 88) = 6688 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6687] <... futex resumed>) = 0 [pid 6688] <... rseq resumed>) = 0 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6688] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6688] memfd_create("syzkaller", 0) = 3 [pid 6688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6688] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6688] close(3) = 0 [pid 6688] mkdir("./bus", 0777) = 0 [pid 6688] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6688] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6688] chdir("./bus") = 0 [pid 6688] ioctl(4, LOOP_CLR_FD) = 0 [pid 6688] close(4) = 0 [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... futex resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [pid 6688] memfd_create("syzkaller", 0) = 4 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6688] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6688] munmap(0x7f6d360cf000, 32768) = 0 [pid 6688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6688] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6688] ioctl(5, LOOP_CLR_FD) = 0 [pid 6688] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6688] close(5) = 0 [pid 6688] close(4) = 0 [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6688] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] <... write resumed>) = 12288 [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... futex resumed>) = 0 [pid 6688] <... futex resumed>) = 1 [pid 6687] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6687] <... futex resumed>) = 0 [pid 6688] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6687] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... openat resumed>) = 6 [pid 6687] <... futex resumed>) = 0 [pid 6688] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6688] <... futex resumed>) = 0 [pid 6687] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6688] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] <... mprotect resumed>) = 0 [pid 6687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6689 attached => {parent_tid=[6689]}, 88) = 6689 [pid 6689] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6689] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6689] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6687] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [ 152.549539][ T6688] loop0: detected capacity change from 0 to 64 [pid 6689] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6687] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] <... futex resumed>) = 0 [pid 6689] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] exit_group(0 [pid 6689] <... futex resumed>) = ? [pid 6688] <... futex resumed>) = ? [pid 6687] <... exit_group resumed>) = ? [pid 6689] +++ exited with 0 +++ [pid 6688] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6687, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./547/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./547/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./547/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./547/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/bus") = 0 umount2("./547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./547/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6690 attached , child_tidptr=0x5555564f6750) = 6690 [pid 6690] set_robust_list(0x5555564f6760, 24) = 0 [pid 6690] chdir("./548") = 0 [pid 6690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6690] setpgid(0, 0) = 0 [pid 6690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6690] write(3, "1000", 4) = 4 [pid 6690] close(3) = 0 [pid 6690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6690] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6690] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6691 attached => {parent_tid=[6691]}, 88) = 6691 [pid 6690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6691] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6691] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6691] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] <... futex resumed>) = 0 [pid 6690] <... futex resumed>) = 1 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6691] memfd_create("syzkaller", 0) = 3 [pid 6691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6691] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6691] close(3) = 0 [pid 6691] mkdir("./bus", 0777) = 0 [pid 6691] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6691] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6691] chdir("./bus") = 0 [pid 6691] ioctl(4, LOOP_CLR_FD) = 0 [pid 6691] close(4) = 0 [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] memfd_create("syzkaller", 0) = 4 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6691] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6691] munmap(0x7f6d360cf000, 32768) = 0 [pid 6691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6691] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6691] ioctl(5, LOOP_CLR_FD) = 0 [pid 6691] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6691] close(5) = 0 [pid 6691] close(4) = 0 [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6691] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] <... futex resumed>) = 0 [pid 6690] <... futex resumed>) = 1 [pid 6691] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] <... futex resumed>) = 0 [pid 6691] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... write resumed>) = 12288 [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 1 [pid 6691] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... futex resumed>) = 1 [pid 6691] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6691] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6691] <... futex resumed>) = 1 [pid 6690] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6690] <... futex resumed>) = 0 [pid 6691] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6690] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] <... openat resumed>) = 6 [pid 6690] <... futex resumed>) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6690] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6691] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6692 attached [ 152.697518][ T6691] loop0: detected capacity change from 0 to 64 => {parent_tid=[6692]}, 88) = 6692 [pid 6690] rt_sigprocmask(SIG_SETMASK, [], [pid 6692] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6692] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6692] rt_sigprocmask(SIG_SETMASK, [], [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6690] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6692] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6692] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6690] exit_group(0) = ? [pid 6691] <... futex resumed>) = ? [pid 6691] +++ exited with 0 +++ [pid 6692] <... futex resumed>) = ? [pid 6692] +++ exited with 0 +++ [pid 6690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6690, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./548/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./548/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./548/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./548/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./548/bus") = 0 umount2("./548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./548/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6693 attached , child_tidptr=0x5555564f6750) = 6693 [pid 6693] set_robust_list(0x5555564f6760, 24) = 0 [pid 6693] chdir("./549") = 0 [pid 6693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6693] setpgid(0, 0) = 0 [pid 6693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6693] write(3, "1000", 4) = 4 [pid 6693] close(3) = 0 [pid 6693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6693] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6693] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6693] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6693] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6694 attached => {parent_tid=[6694]}, 88) = 6694 [pid 6694] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6693] rt_sigprocmask(SIG_SETMASK, [], [pid 6694] set_robust_list(0x7f6d468e79a0, 24 [pid 6693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6694] <... set_robust_list resumed>) = 0 [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6693] <... futex resumed>) = 0 [pid 6694] memfd_create("syzkaller", 0 [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6694] <... memfd_create resumed>) = 3 [pid 6694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6694] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6694] close(3) = 0 [pid 6694] mkdir("./bus", 0777) = 0 [pid 6694] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6694] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6694] chdir("./bus") = 0 [pid 6694] ioctl(4, LOOP_CLR_FD) = 0 [pid 6694] close(4) = 0 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6694] <... futex resumed>) = 1 [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] memfd_create("syzkaller", 0 [pid 6693] <... futex resumed>) = 0 [pid 6694] <... memfd_create resumed>) = 4 [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6694] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6694] munmap(0x7f6d360cf000, 32768) = 0 [pid 6694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6694] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6694] ioctl(5, LOOP_CLR_FD) = 0 [pid 6694] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6694] close(5) = 0 [pid 6694] close(4) = 0 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6694] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6694] <... futex resumed>) = 0 [pid 6694] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6694] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6694] <... futex resumed>) = 0 [pid 6694] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... write resumed>) = 12288 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... futex resumed>) = 1 [pid 6694] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6693] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6694] <... futex resumed>) = 1 [pid 6694] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6694] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6693] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6694] <... futex resumed>) = 1 [pid 6693] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6693] <... futex resumed>) = 0 [pid 6694] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6693] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6694] <... openat resumed>) = 6 [pid 6693] <... mprotect resumed>) = 0 [pid 6694] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6694] <... futex resumed>) = 0 [pid 6693] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6694] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6695]}, 88) = 6695 [pid 6693] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6695 attached [pid 6695] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6695] <... rseq resumed>) = 0 [pid 6693] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6695] set_robust_list(0x7f6d360d69a0, 24 [pid 6693] <... futex resumed>) = 0 [pid 6695] <... set_robust_list resumed>) = 0 [pid 6695] rt_sigprocmask(SIG_SETMASK, [], [pid 6693] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6695] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 152.806572][ T6694] loop0: detected capacity change from 0 to 64 [pid 6695] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6695] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = 0 [pid 6695] <... futex resumed>) = 1 [pid 6695] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] exit_group(0 [pid 6694] <... futex resumed>) = ? [pid 6695] <... futex resumed>) = ? [pid 6693] <... exit_group resumed>) = ? [pid 6694] +++ exited with 0 +++ [pid 6695] +++ exited with 0 +++ [pid 6693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6693, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./549/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./549/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./549/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./549/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./549/bus") = 0 umount2("./549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./549/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6696 attached , child_tidptr=0x5555564f6750) = 6696 [pid 6696] set_robust_list(0x5555564f6760, 24) = 0 [pid 6696] chdir("./550") = 0 [pid 6696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6696] setpgid(0, 0) = 0 [pid 6696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6696] write(3, "1000", 4) = 4 [pid 6696] close(3) = 0 [pid 6696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6696] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6696] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6696] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6697 attached => {parent_tid=[6697]}, 88) = 6697 [pid 6697] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6696] rt_sigprocmask(SIG_SETMASK, [], [pid 6697] set_robust_list(0x7f6d468e79a0, 24 [pid 6696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6697] <... set_robust_list resumed>) = 0 [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] rt_sigprocmask(SIG_SETMASK, [], [pid 6696] <... futex resumed>) = 0 [pid 6697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6697] memfd_create("syzkaller", 0) = 3 [pid 6697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6697] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6697] close(3) = 0 [pid 6697] mkdir("./bus", 0777) = 0 [pid 6697] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6697] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6697] chdir("./bus") = 0 [pid 6697] ioctl(4, LOOP_CLR_FD) = 0 [pid 6697] close(4) = 0 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6697] <... futex resumed>) = 1 [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] memfd_create("syzkaller", 0 [pid 6696] <... futex resumed>) = 0 [pid 6697] <... memfd_create resumed>) = 4 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6697] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6697] munmap(0x7f6d360cf000, 32768) = 0 [pid 6697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6697] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6697] ioctl(5, LOOP_CLR_FD) = 0 [pid 6697] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6697] close(5) = 0 [pid 6697] close(4) = 0 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] <... futex resumed>) = 0 [pid 6697] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6697] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6696] <... futex resumed>) = 0 [pid 6697] <... openat resumed>) = 4 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6697] <... futex resumed>) = 0 [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... write resumed>) = 12288 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6697] <... futex resumed>) = 1 [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6697] <... mmap resumed>) = 0x20000000 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 152.923759][ T6697] loop0: detected capacity change from 0 to 64 [pid 6697] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6697] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6696] <... futex resumed>) = 0 [pid 6696] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] <... futex resumed>) = 0 [pid 6696] <... futex resumed>) = 1 [pid 6697] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6696] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6696] <... futex resumed>) = 0 [pid 6697] <... openat resumed>) = 6 [pid 6696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6696] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6697] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6698]}, 88) = 6698 [pid 6696] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6698 attached [pid 6698] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6698] <... rseq resumed>) = 0 [pid 6698] set_robust_list(0x7f6d360d69a0, 24 [pid 6696] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6698] <... set_robust_list resumed>) = 0 [pid 6696] <... futex resumed>) = 0 [pid 6698] rt_sigprocmask(SIG_SETMASK, [], [pid 6696] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6698] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6698] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = 0 [pid 6698] <... futex resumed>) = 1 [pid 6698] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6696] exit_group(0 [pid 6697] <... futex resumed>) = ? [pid 6698] <... futex resumed>) = ? [pid 6697] +++ exited with 0 +++ [pid 6696] <... exit_group resumed>) = ? [pid 6698] +++ exited with 0 +++ [pid 6696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6696, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./550/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./550/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./550/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./550/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./550/bus") = 0 umount2("./550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./550/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6699 attached , child_tidptr=0x5555564f6750) = 6699 [pid 6699] set_robust_list(0x5555564f6760, 24) = 0 [pid 6699] chdir("./551") = 0 [pid 6699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6699] setpgid(0, 0) = 0 [pid 6699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6699] write(3, "1000", 4) = 4 [pid 6699] close(3) = 0 [pid 6699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6699] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6699] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6699] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6699] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6700 attached [pid 6700] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6700] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6699] <... clone3 resumed> => {parent_tid=[6700]}, 88) = 6700 [pid 6700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6700] memfd_create("syzkaller", 0) = 3 [pid 6700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6700] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6700] close(3) = 0 [pid 6700] mkdir("./bus", 0777) = 0 [pid 6700] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6700] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6700] chdir("./bus") = 0 [pid 6700] ioctl(4, LOOP_CLR_FD) = 0 [pid 6700] close(4) = 0 [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6700] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] <... futex resumed>) = 0 [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... futex resumed>) = 0 [pid 6699] <... futex resumed>) = 1 [pid 6700] memfd_create("syzkaller", 0) = 4 [pid 6700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6700] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6700] munmap(0x7f6d360cf000, 32768) = 0 [pid 6700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6700] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6700] ioctl(5, LOOP_CLR_FD) = 0 [pid 6700] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6700] close(5) = 0 [pid 6700] close(4) = 0 [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6700] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... futex resumed>) = 0 [pid 6699] <... futex resumed>) = 1 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6699] <... futex resumed>) = 0 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] <... write resumed>) = 12288 [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6699] <... futex resumed>) = 0 [pid 6700] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] <... mmap resumed>) = 0x20000000 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6700] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] <... futex resumed>) = 0 [ 153.077761][ T6700] loop0: detected capacity change from 0 to 64 [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... futex resumed>) = 0 [pid 6699] <... futex resumed>) = 1 [pid 6700] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6700] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6699] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6700] <... openat resumed>) = 5 [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6699] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... futex resumed>) = 0 [pid 6699] <... futex resumed>) = 1 [pid 6700] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6699] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6700] <... openat resumed>) = 6 [pid 6699] <... mmap resumed>) = 0x7f6d360b6000 [pid 6700] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6699] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6699] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6701 attached [pid 6701] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6701] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6699] <... clone3 resumed> => {parent_tid=[6701]}, 88) = 6701 [pid 6701] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6699] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6701] <... futex resumed>) = 0 [pid 6701] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6699] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6701] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6701] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6699] <... futex resumed>) = 0 [pid 6701] <... futex resumed>) = 1 [pid 6699] exit_group(0 [pid 6701] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6700] <... futex resumed>) = ? [pid 6700] +++ exited with 0 +++ [pid 6701] +++ exited with 0 +++ [pid 6699] <... exit_group resumed>) = ? [pid 6699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6699, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./551/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./551/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./551/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./551/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./551/bus") = 0 umount2("./551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./551/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6702 attached , child_tidptr=0x5555564f6750) = 6702 [pid 6702] set_robust_list(0x5555564f6760, 24) = 0 [pid 6702] chdir("./552") = 0 [pid 6702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6702] setpgid(0, 0) = 0 [pid 6702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6702] write(3, "1000", 4) = 4 [pid 6702] close(3) = 0 [pid 6702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6702] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6703 attached => {parent_tid=[6703]}, 88) = 6703 [pid 6703] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6702] rt_sigprocmask(SIG_SETMASK, [], [pid 6703] <... rseq resumed>) = 0 [pid 6702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6703] set_robust_list(0x7f6d468e79a0, 24 [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... set_robust_list resumed>) = 0 [pid 6702] <... futex resumed>) = 0 [pid 6703] rt_sigprocmask(SIG_SETMASK, [], [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6703] memfd_create("syzkaller", 0) = 3 [pid 6703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6703] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6703] close(3) = 0 [pid 6703] mkdir("./bus", 0777) = 0 [pid 6703] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6703] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6703] chdir("./bus") = 0 [pid 6703] ioctl(4, LOOP_CLR_FD) = 0 [pid 6703] close(4) = 0 [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6703] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... futex resumed>) = 0 [pid 6703] memfd_create("syzkaller", 0) = 4 [pid 6703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6703] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6703] munmap(0x7f6d360cf000, 32768) = 0 [pid 6702] <... futex resumed>) = 1 [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6703] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6703] ioctl(5, LOOP_CLR_FD) = 0 [pid 6703] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6703] close(5) = 0 [pid 6703] close(4) = 0 [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6702] <... futex resumed>) = 0 [pid 6703] <... futex resumed>) = 1 [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... futex resumed>) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6703] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... futex resumed>) = 0 [pid 6702] <... futex resumed>) = 1 [pid 6703] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] <... mmap resumed>) = 0x20000000 [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6702] <... futex resumed>) = 0 [pid 6703] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6702] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] <... openat resumed>) = 5 [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6703] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6702] <... futex resumed>) = 0 [pid 6703] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6702] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6702] <... futex resumed>) = 0 [pid 6703] <... openat resumed>) = 6 [pid 6702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6703] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] <... mmap resumed>) = 0x7f6d360b6000 [pid 6703] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6704 attached => {parent_tid=[6704]}, 88) = 6704 [pid 6704] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6702] rt_sigprocmask(SIG_SETMASK, [], [pid 6704] <... rseq resumed>) = 0 [pid 6702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6702] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6704] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6704] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6704] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6702] <... futex resumed>) = 0 [pid 6704] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] exit_group(0 [pid 6704] <... futex resumed>) = ? [pid 6704] +++ exited with 0 +++ [pid 6703] <... futex resumed>) = ? [pid 6702] <... exit_group resumed>) = ? [pid 6703] +++ exited with 0 +++ [pid 6702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6702, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 153.240475][ T6703] loop0: detected capacity change from 0 to 64 umount2("./552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./552/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./552/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./552/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./552/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./552/bus") = 0 umount2("./552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./552/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6705 attached , child_tidptr=0x5555564f6750) = 6705 [pid 6705] set_robust_list(0x5555564f6760, 24) = 0 [pid 6705] chdir("./553") = 0 [pid 6705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6705] setpgid(0, 0) = 0 [pid 6705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6705] write(3, "1000", 4) = 4 [pid 6705] close(3) = 0 [pid 6705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6705] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6706 attached => {parent_tid=[6706]}, 88) = 6706 [pid 6706] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6705] rt_sigprocmask(SIG_SETMASK, [], [pid 6706] set_robust_list(0x7f6d468e79a0, 24 [pid 6705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6706] <... set_robust_list resumed>) = 0 [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] rt_sigprocmask(SIG_SETMASK, [], [pid 6705] <... futex resumed>) = 0 [pid 6706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6706] memfd_create("syzkaller", 0) = 3 [pid 6706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6706] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6706] close(3) = 0 [pid 6706] mkdir("./bus", 0777) = 0 [pid 6706] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6706] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6706] chdir("./bus") = 0 [pid 6706] ioctl(4, LOOP_CLR_FD) = 0 [pid 6706] close(4) = 0 [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6706] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... futex resumed>) = 0 [pid 6705] <... futex resumed>) = 1 [pid 6706] memfd_create("syzkaller", 0 [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6706] <... memfd_create resumed>) = 4 [pid 6706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6706] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6706] munmap(0x7f6d360cf000, 32768) = 0 [pid 6706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6706] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6706] ioctl(5, LOOP_CLR_FD) = 0 [pid 6706] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6706] close(5) = 0 [pid 6706] close(4) = 0 [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6706] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6706] <... futex resumed>) = 0 [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... futex resumed>) = 1 [pid 6706] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6705] <... futex resumed>) = 0 [ 153.357928][ T6706] loop0: detected capacity change from 0 to 64 [pid 6706] <... write resumed>) = 12288 [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6706] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] <... mmap resumed>) = 0x20000000 [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6706] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6705] <... futex resumed>) = 0 [pid 6706] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6705] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6706] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6705] <... futex resumed>) = 0 [pid 6706] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6705] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6705] <... futex resumed>) = 0 [pid 6705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6706] <... openat resumed>) = 6 [pid 6705] <... mmap resumed>) = 0x7f6d360b6000 [pid 6706] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6706] <... futex resumed>) = 0 [pid 6706] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] <... mprotect resumed>) = 0 [pid 6705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6707 attached => {parent_tid=[6707]}, 88) = 6707 [pid 6705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6705] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6707] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6707] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6707] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] <... futex resumed>) = 0 [pid 6705] exit_group(0 [pid 6707] <... futex resumed>) = ? [pid 6706] <... futex resumed>) = ? [pid 6707] +++ exited with 0 +++ [pid 6706] +++ exited with 0 +++ [pid 6705] <... exit_group resumed>) = ? [pid 6705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6705, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./553/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./553/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./553/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./553/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/bus") = 0 umount2("./553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./553/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6708 ./strace-static-x86_64: Process 6708 attached [pid 6708] set_robust_list(0x5555564f6760, 24) = 0 [pid 6708] chdir("./554") = 0 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6708] setpgid(0, 0) = 0 [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3) = 0 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6708] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6709 attached [pid 6709] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6708] <... clone3 resumed> => {parent_tid=[6709]}, 88) = 6709 [pid 6709] <... rseq resumed>) = 0 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6709] set_robust_list(0x7f6d468e79a0, 24 [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... set_robust_list resumed>) = 0 [pid 6708] <... futex resumed>) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] memfd_create("syzkaller", 0) = 3 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6709] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6709] close(3) = 0 [pid 6709] mkdir("./bus", 0777) = 0 [pid 6709] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6709] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] chdir("./bus") = 0 [pid 6709] ioctl(4, LOOP_CLR_FD) = 0 [pid 6709] close(4) = 0 [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6709] memfd_create("syzkaller", 0 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] <... memfd_create resumed>) = 4 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6709] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6709] munmap(0x7f6d360cf000, 32768) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6709] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6709] ioctl(5, LOOP_CLR_FD) = 0 [pid 6709] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6709] close(5) = 0 [pid 6709] close(4) = 0 [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6709] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... futex resumed>) = 1 [pid 6709] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] <... futex resumed>) = 1 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] <... futex resumed>) = 1 [pid 6708] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6709] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6709] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6708] <... mmap resumed>) = 0x7f6d360b6000 [pid 6709] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6708] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6709] <... openat resumed>) = 6 [pid 6708] <... mprotect resumed>) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [ 153.505485][ T6709] loop0: detected capacity change from 0 to 64 [pid 6709] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6710 attached ) = 0 [pid 6710] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6709] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... clone3 resumed> => {parent_tid=[6710]}, 88) = 6710 [pid 6710] <... rseq resumed>) = 0 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6710] set_robust_list(0x7f6d360d69a0, 24 [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6710] <... set_robust_list resumed>) = 0 [pid 6710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6710] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6710] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6710] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] exit_group(0 [pid 6710] <... futex resumed>) = ? [pid 6709] <... futex resumed>) = ? [pid 6710] +++ exited with 0 +++ [pid 6708] <... exit_group resumed>) = ? [pid 6709] +++ exited with 0 +++ [pid 6708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6708, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./554/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./554/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./554/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./554/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./554/bus") = 0 umount2("./554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./554/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6711 attached , child_tidptr=0x5555564f6750) = 6711 [pid 6711] set_robust_list(0x5555564f6760, 24) = 0 [pid 6711] chdir("./555") = 0 [pid 6711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6711] setpgid(0, 0) = 0 [pid 6711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6711] write(3, "1000", 4) = 4 [pid 6711] close(3) = 0 [pid 6711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6711] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6712]}, 88) = 6712 [pid 6711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6712 attached [pid 6712] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6712] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6712] memfd_create("syzkaller", 0) = 3 [pid 6712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6712] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6712] close(3) = 0 [pid 6712] mkdir("./bus", 0777) = 0 [pid 6712] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6712] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6712] chdir("./bus") = 0 [pid 6712] ioctl(4, LOOP_CLR_FD) = 0 [pid 6712] close(4) = 0 [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6712] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6711] <... futex resumed>) = 0 [pid 6712] memfd_create("syzkaller", 0) = 4 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6712] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6712] munmap(0x7f6d360cf000, 32768) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6712] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6712] ioctl(5, LOOP_CLR_FD) = 0 [pid 6712] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6712] close(5) = 0 [pid 6712] close(4) = 0 [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] <... futex resumed>) = 0 [pid 6712] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... write resumed>) = 12288 [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 1 [pid 6712] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 1 [pid 6712] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6712] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] <... futex resumed>) = 1 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6712] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6712] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6711] <... mmap resumed>) = 0x7f6d360b6000 [pid 6712] <... openat resumed>) = 6 [pid 6711] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6712] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6712] <... futex resumed>) = 0 [pid 6712] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6713]}, 88) = 6713 [pid 6711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6711] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6713 attached [pid 6713] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6713] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6713] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6713] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6713] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... futex resumed>) = 0 [ 153.622616][ T6712] loop0: detected capacity change from 0 to 64 [pid 6711] exit_group(0 [pid 6712] <... futex resumed>) = ? [pid 6713] <... futex resumed>) = ? [pid 6713] +++ exited with 0 +++ [pid 6712] +++ exited with 0 +++ [pid 6711] <... exit_group resumed>) = ? [pid 6711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6711, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./555/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./555/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./555/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./555/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./555/bus") = 0 umount2("./555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./555/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6714 attached , child_tidptr=0x5555564f6750) = 6714 [pid 6714] set_robust_list(0x5555564f6760, 24) = 0 [pid 6714] chdir("./556") = 0 [pid 6714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6714] setpgid(0, 0) = 0 [pid 6714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6714] write(3, "1000", 4) = 4 [pid 6714] close(3) = 0 [pid 6714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6714] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6715 attached [pid 6715] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6715] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6715] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] <... clone3 resumed> => {parent_tid=[6715]}, 88) = 6715 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... futex resumed>) = 0 [pid 6714] <... futex resumed>) = 1 [pid 6715] memfd_create("syzkaller", 0 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6715] <... memfd_create resumed>) = 3 [pid 6715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6715] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6715] close(3) = 0 [pid 6715] mkdir("./bus", 0777) = 0 [pid 6715] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6715] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6715] chdir("./bus") = 0 [pid 6715] ioctl(4, LOOP_CLR_FD) = 0 [pid 6715] close(4) = 0 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 0 [pid 6715] <... futex resumed>) = 1 [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6715] memfd_create("syzkaller", 0) = 4 [pid 6715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6715] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6715] munmap(0x7f6d360cf000, 32768) = 0 [pid 6715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6715] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6715] ioctl(5, LOOP_CLR_FD) = 0 [pid 6715] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6715] close(5) = 0 [pid 6715] close(4) = 0 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6715] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6715] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] <... write resumed>) = 12288 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] <... futex resumed>) = 1 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 0 [pid 6715] <... futex resumed>) = 1 [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6714] <... futex resumed>) = 0 [pid 6715] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6714] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] <... openat resumed>) = 5 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... futex resumed>) = 0 [pid 6714] <... futex resumed>) = 1 [pid 6715] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6714] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6714] <... futex resumed>) = 0 [pid 6714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6715] <... openat resumed>) = 6 [pid 6714] <... mmap resumed>) = 0x7f6d360b6000 [pid 6715] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6715] <... futex resumed>) = 0 [ 153.761475][ T6715] loop0: detected capacity change from 0 to 64 [pid 6715] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] <... mprotect resumed>) = 0 [pid 6714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6716 attached [pid 6716] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6714] <... clone3 resumed> => {parent_tid=[6716]}, 88) = 6716 [pid 6716] <... rseq resumed>) = 0 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], [pid 6716] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6716] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6716] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6716] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] exit_group(0 [pid 6716] <... futex resumed>) = ? [pid 6715] <... futex resumed>) = ? [pid 6714] <... exit_group resumed>) = ? [pid 6716] +++ exited with 0 +++ [pid 6715] +++ exited with 0 +++ [pid 6714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6714, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./556/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./556/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./556/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./556/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./556/bus") = 0 umount2("./556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./556/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6717 ./strace-static-x86_64: Process 6717 attached [pid 6717] set_robust_list(0x5555564f6760, 24) = 0 [pid 6717] chdir("./557") = 0 [pid 6717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6717] setpgid(0, 0) = 0 [pid 6717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6717] write(3, "1000", 4) = 4 [pid 6717] close(3) = 0 [pid 6717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6717] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6718 attached => {parent_tid=[6718]}, 88) = 6718 [pid 6718] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6717] rt_sigprocmask(SIG_SETMASK, [], [pid 6718] <... rseq resumed>) = 0 [pid 6717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6718] set_robust_list(0x7f6d468e79a0, 24 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... set_robust_list resumed>) = 0 [pid 6718] rt_sigprocmask(SIG_SETMASK, [], [pid 6717] <... futex resumed>) = 0 [pid 6718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6718] memfd_create("syzkaller", 0) = 3 [pid 6718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6718] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6718] close(3) = 0 [pid 6718] mkdir("./bus", 0777) = 0 [pid 6718] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6718] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6718] chdir("./bus") = 0 [pid 6718] ioctl(4, LOOP_CLR_FD) = 0 [pid 6718] close(4) = 0 [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6718] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6718] <... futex resumed>) = 0 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6718] memfd_create("syzkaller", 0) = 4 [pid 6718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6718] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6718] munmap(0x7f6d360cf000, 32768) = 0 [pid 6718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6718] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6718] ioctl(5, LOOP_CLR_FD) = 0 [pid 6718] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6718] close(5) = 0 [pid 6718] close(4) = 0 [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6718] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... futex resumed>) = 0 [pid 6717] <... futex resumed>) = 1 [pid 6718] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... openat resumed>) = 4 [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] <... futex resumed>) = 0 [pid 6718] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... write resumed>) = 12288 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... futex resumed>) = 1 [pid 6718] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... futex resumed>) = 0 [pid 6718] <... futex resumed>) = 1 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6717] <... futex resumed>) = 0 [pid 6718] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6717] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... openat resumed>) = 5 [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... futex resumed>) = 0 [pid 6717] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6718] <... futex resumed>) = 1 [pid 6718] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6718] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6717] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6718] <... openat resumed>) = 6 [pid 6717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6719 attached [pid 6718] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6718] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] <... clone3 resumed> => {parent_tid=[6719]}, 88) = 6719 [pid 6719] <... rseq resumed>) = 0 [pid 6717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6717] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6719] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6719] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6719] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 153.900133][ T6718] loop0: detected capacity change from 0 to 64 [pid 6719] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] <... futex resumed>) = 0 [pid 6717] exit_group(0 [pid 6718] <... futex resumed>) = ? [pid 6719] <... futex resumed>) = ? [pid 6718] +++ exited with 0 +++ [pid 6719] +++ exited with 0 +++ [pid 6717] <... exit_group resumed>) = ? [pid 6717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6717, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./557/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./557/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./557/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./557/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./557/bus") = 0 umount2("./557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./557/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6720 attached , child_tidptr=0x5555564f6750) = 6720 [pid 6720] set_robust_list(0x5555564f6760, 24) = 0 [pid 6720] chdir("./558") = 0 [pid 6720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6720] setpgid(0, 0) = 0 [pid 6720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6720] write(3, "1000", 4) = 4 [pid 6720] close(3) = 0 [pid 6720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6720] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6721]}, 88) = 6721 ./strace-static-x86_64: Process 6721 attached [pid 6720] rt_sigprocmask(SIG_SETMASK, [], [pid 6721] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6721] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] memfd_create("syzkaller", 0 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6721] <... memfd_create resumed>) = 3 [pid 6721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6721] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6721] close(3) = 0 [pid 6721] mkdir("./bus", 0777) = 0 [pid 6721] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6721] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6721] chdir("./bus") = 0 [pid 6721] ioctl(4, LOOP_CLR_FD) = 0 [pid 6721] close(4) = 0 [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6721] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] <... futex resumed>) = 0 [pid 6721] memfd_create("syzkaller", 0) = 4 [pid 6721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6721] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6721] munmap(0x7f6d360cf000, 32768) = 0 [pid 6720] <... futex resumed>) = 1 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6721] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6721] ioctl(5, LOOP_CLR_FD) = 0 [pid 6721] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6721] close(5) = 0 [pid 6721] close(4) = 0 [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = 0 [pid 6721] <... futex resumed>) = 1 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6720] <... futex resumed>) = 0 [pid 6721] <... openat resumed>) = 4 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6721] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] <... write resumed>) = 12288 [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] <... futex resumed>) = 1 [pid 6721] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] <... futex resumed>) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6721] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6720] <... futex resumed>) = 0 [pid 6720] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6720] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6720] <... futex resumed>) = 0 [pid 6721] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6720] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6722 attached [pid 6722] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6720] <... clone3 resumed> => {parent_tid=[6722]}, 88) = 6722 [pid 6722] <... rseq resumed>) = 0 [pid 6720] rt_sigprocmask(SIG_SETMASK, [], [pid 6722] set_robust_list(0x7f6d360d69a0, 24 [pid 6720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6722] <... set_robust_list resumed>) = 0 [pid 6720] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6720] <... futex resumed>) = 0 [pid 6722] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6720] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6722] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6722] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = 0 [pid 6722] <... futex resumed>) = 1 [pid 6722] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] <... openat resumed>) = 6 [pid 6721] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 154.024388][ T6721] loop0: detected capacity change from 0 to 64 [pid 6720] exit_group(0 [pid 6722] <... futex resumed>) = ? [pid 6721] <... futex resumed>) = ? [pid 6720] <... exit_group resumed>) = ? [pid 6722] +++ exited with 0 +++ [pid 6721] +++ exited with 0 +++ [pid 6720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6720, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./558/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./558/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./558/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./558/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./558/bus") = 0 umount2("./558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./558/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6723 attached , child_tidptr=0x5555564f6750) = 6723 [pid 6723] set_robust_list(0x5555564f6760, 24) = 0 [pid 6723] chdir("./559") = 0 [pid 6723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6723] setpgid(0, 0) = 0 [pid 6723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6723] write(3, "1000", 4) = 4 [pid 6723] close(3) = 0 [pid 6723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6723] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6724 attached [pid 6724] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6724] set_robust_list(0x7f6d468e79a0, 24 [pid 6723] <... clone3 resumed> => {parent_tid=[6724]}, 88) = 6724 [pid 6724] <... set_robust_list resumed>) = 0 [pid 6723] rt_sigprocmask(SIG_SETMASK, [], [pid 6724] rt_sigprocmask(SIG_SETMASK, [], [pid 6723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] memfd_create("syzkaller", 0 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6724] <... memfd_create resumed>) = 3 [pid 6724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6724] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6724] close(3) = 0 [pid 6724] mkdir("./bus", 0777) = 0 [pid 6724] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6724] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6724] chdir("./bus") = 0 [pid 6724] ioctl(4, LOOP_CLR_FD) = 0 [pid 6724] close(4) = 0 [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = 0 [pid 6724] memfd_create("syzkaller", 0) = 4 [pid 6723] <... futex resumed>) = 1 [pid 6724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6724] <... mmap resumed>) = 0x7f6d360cf000 [pid 6724] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6724] munmap(0x7f6d360cf000, 32768) = 0 [pid 6724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6724] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6724] ioctl(5, LOOP_CLR_FD) = 0 [pid 6724] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6724] close(5) = 0 [pid 6724] close(4) = 0 [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6724] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... futex resumed>) = 1 [pid 6724] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6724] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6724] <... futex resumed>) = 1 [pid 6724] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6724] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6723] <... mmap resumed>) = 0x7f6d360b6000 [ 154.140354][ T6724] loop0: detected capacity change from 0 to 64 [pid 6723] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6724] <... openat resumed>) = 6 [pid 6724] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6724] <... futex resumed>) = 0 [pid 6723] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6724] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6725]}, 88) = 6725 ./strace-static-x86_64: Process 6725 attached [pid 6723] rt_sigprocmask(SIG_SETMASK, [], [pid 6725] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6725] set_robust_list(0x7f6d360d69a0, 24 [pid 6723] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... set_robust_list resumed>) = 0 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6725] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6725] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6723] <... futex resumed>) = 0 [pid 6725] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6723] exit_group(0 [pid 6725] <... futex resumed>) = ? [pid 6725] +++ exited with 0 +++ [pid 6724] <... futex resumed>) = ? [pid 6723] <... exit_group resumed>) = ? [pid 6724] +++ exited with 0 +++ [pid 6723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6723, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./559/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./559/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./559/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./559/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./559/bus") = 0 umount2("./559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./559/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6726 attached [pid 6726] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6726 [pid 6726] chdir("./560") = 0 [pid 6726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6726] setpgid(0, 0) = 0 [pid 6726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6726] write(3, "1000", 4) = 4 [pid 6726] close(3) = 0 [pid 6726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6726] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6727 attached [pid 6727] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6726] <... clone3 resumed> => {parent_tid=[6727]}, 88) = 6727 [pid 6727] <... rseq resumed>) = 0 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], [pid 6727] set_robust_list(0x7f6d468e79a0, 24 [pid 6726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6727] <... set_robust_list resumed>) = 0 [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] <... futex resumed>) = 0 [pid 6727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6727] memfd_create("syzkaller", 0) = 3 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6727] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6727] close(3) = 0 [pid 6727] mkdir("./bus", 0777) = 0 [pid 6727] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6727] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6727] chdir("./bus") = 0 [pid 6727] ioctl(4, LOOP_CLR_FD) = 0 [pid 6727] close(4) = 0 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] memfd_create("syzkaller", 0 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6727] <... memfd_create resumed>) = 4 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6727] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6727] munmap(0x7f6d360cf000, 32768) = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6727] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6727] ioctl(5, LOOP_CLR_FD) = 0 [pid 6727] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6727] close(5) = 0 [pid 6727] close(4) = 0 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6727] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... openat resumed>) = 4 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6727] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... write resumed>) = 12288 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... openat resumed>) = 5 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6726] <... futex resumed>) = 0 [pid 6727] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 154.282824][ T6727] loop0: detected capacity change from 0 to 64 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6727] <... openat resumed>) = 6 [pid 6726] <... mmap resumed>) = 0x7f6d360b6000 [pid 6727] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6727] <... futex resumed>) = 0 [pid 6727] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] <... mprotect resumed>) = 0 [pid 6726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6728 attached => {parent_tid=[6728]}, 88) = 6728 [pid 6728] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], [pid 6728] set_robust_list(0x7f6d360d69a0, 24 [pid 6726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6728] <... set_robust_list resumed>) = 0 [pid 6726] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6728] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6728] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6728] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] exit_group(0 [pid 6728] <... futex resumed>) = ? [pid 6727] <... futex resumed>) = ? [pid 6728] +++ exited with 0 +++ [pid 6727] +++ exited with 0 +++ [pid 6726] <... exit_group resumed>) = ? [pid 6726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6726, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./560/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./560/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./560/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./560/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./560/bus") = 0 umount2("./560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./560/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6729 attached , child_tidptr=0x5555564f6750) = 6729 [pid 6729] set_robust_list(0x5555564f6760, 24) = 0 [pid 6729] chdir("./561") = 0 [pid 6729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6729] setpgid(0, 0) = 0 [pid 6729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6729] write(3, "1000", 4) = 4 [pid 6729] close(3) = 0 [pid 6729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6729] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6730 attached => {parent_tid=[6730]}, 88) = 6730 [pid 6729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6730] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6730] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6730] memfd_create("syzkaller", 0) = 3 [pid 6730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6730] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6730] close(3) = 0 [pid 6730] mkdir("./bus", 0777) = 0 [pid 6730] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6730] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6730] chdir("./bus") = 0 [pid 6730] ioctl(4, LOOP_CLR_FD) = 0 [pid 6730] close(4) = 0 [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6730] memfd_create("syzkaller", 0 [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... memfd_create resumed>) = 4 [pid 6730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6730] <... mmap resumed>) = 0x7f6d360cf000 [pid 6730] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6730] munmap(0x7f6d360cf000, 32768) = 0 [pid 6730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6730] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6730] ioctl(5, LOOP_CLR_FD) = 0 [pid 6730] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6730] close(5) = 0 [pid 6730] close(4) = 0 [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... openat resumed>) = 4 [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = 0 [pid 6730] <... futex resumed>) = 1 [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6729] <... futex resumed>) = 0 [pid 6730] <... write resumed>) = 12288 [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... futex resumed>) = 1 [pid 6730] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... futex resumed>) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6730] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6729] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6730] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6729] <... futex resumed>) = 0 [pid 6730] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6729] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6729] <... futex resumed>) = 0 [pid 6730] <... openat resumed>) = 6 [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6730] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... mmap resumed>) = 0x7f6d360b6000 [pid 6730] <... futex resumed>) = 0 [pid 6729] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6731 attached [pid 6731] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6731] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6731] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] <... clone3 resumed> => {parent_tid=[6731]}, 88) = 6731 [pid 6729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6729] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6729] <... futex resumed>) = 1 [pid 6731] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6729] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6731] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] exit_group(0 [pid 6730] <... futex resumed>) = ? [pid 6729] <... exit_group resumed>) = ? [pid 6731] <... futex resumed>) = ? [pid 6730] +++ exited with 0 +++ [pid 6731] +++ exited with 0 +++ [pid 6729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6729, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 154.404372][ T6730] loop0: detected capacity change from 0 to 64 umount2("./561/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./561/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./561/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./561/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./561/bus") = 0 umount2("./561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./561/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6732 attached , child_tidptr=0x5555564f6750) = 6732 [pid 6732] set_robust_list(0x5555564f6760, 24) = 0 [pid 6732] chdir("./562") = 0 [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6732] setpgid(0, 0) = 0 [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6732] write(3, "1000", 4) = 4 [pid 6732] close(3) = 0 [pid 6732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6732] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6733]}, 88) = 6733 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6733 attached NULL, 8) = 0 [pid 6733] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... rseq resumed>) = 0 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6733] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6733] memfd_create("syzkaller", 0) = 3 [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6733] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6733] close(3) = 0 [pid 6733] mkdir("./bus", 0777) = 0 [pid 6733] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6733] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6733] chdir("./bus") = 0 [pid 6733] ioctl(4, LOOP_CLR_FD) = 0 [pid 6733] close(4) = 0 [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] <... futex resumed>) = 0 [pid 6733] memfd_create("syzkaller", 0) = 4 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6733] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6733] munmap(0x7f6d360cf000, 32768) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6733] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6733] ioctl(5, LOOP_CLR_FD) = 0 [pid 6733] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6733] close(5) = 0 [pid 6733] close(4) = 0 [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6732] <... futex resumed>) = 0 [pid 6733] <... openat resumed>) = 4 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... futex resumed>) = 1 [pid 6733] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6732] <... futex resumed>) = 0 [pid 6733] <... mmap resumed>) = 0x20000000 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... futex resumed>) = 1 [pid 6733] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 154.504394][ T6733] loop0: detected capacity change from 0 to 64 [pid 6733] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6732] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6732] <... futex resumed>) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6733] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6732] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6733] <... openat resumed>) = 6 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6733] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6733] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6734 attached [pid 6733] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6732] <... clone3 resumed> => {parent_tid=[6734]}, 88) = 6734 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6732] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6734] <... rseq resumed>) = 0 [pid 6734] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6734] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6734] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6734] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] <... futex resumed>) = 0 [pid 6732] exit_group(0 [pid 6734] <... futex resumed>) = ? [pid 6733] <... futex resumed>) = ? [pid 6732] <... exit_group resumed>) = ? [pid 6734] +++ exited with 0 +++ [pid 6733] +++ exited with 0 +++ [pid 6732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6732, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./562/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./562/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./562/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./562/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./562/bus") = 0 umount2("./562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./562/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6735 attached , child_tidptr=0x5555564f6750) = 6735 [pid 6735] set_robust_list(0x5555564f6760, 24) = 0 [pid 6735] chdir("./563") = 0 [pid 6735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6735] setpgid(0, 0) = 0 [pid 6735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6735] write(3, "1000", 4) = 4 [pid 6735] close(3) = 0 [pid 6735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6735] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6736 attached => {parent_tid=[6736]}, 88) = 6736 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6736] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6736] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6736] memfd_create("syzkaller", 0) = 3 [pid 6736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6736] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6736] close(3) = 0 [pid 6736] mkdir("./bus", 0777) = 0 [pid 6736] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6736] chdir("./bus") = 0 [pid 6736] ioctl(4, LOOP_CLR_FD) = 0 [pid 6736] close(4) = 0 [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6736] <... futex resumed>) = 1 [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] memfd_create("syzkaller", 0 [pid 6735] <... futex resumed>) = 0 [pid 6736] <... memfd_create resumed>) = 4 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6736] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6736] munmap(0x7f6d360cf000, 32768) = 0 [pid 6736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6736] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6736] ioctl(5, LOOP_CLR_FD) = 0 [pid 6736] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6736] close(5) = 0 [pid 6736] close(4) = 0 [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6736] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... futex resumed>) = 0 [pid 6736] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6736] <... futex resumed>) = 1 [pid 6736] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [ 154.637561][ T6736] loop0: detected capacity change from 0 to 64 [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6736] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6735] <... futex resumed>) = 0 [pid 6736] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] <... futex resumed>) = 1 [pid 6735] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6736] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6735] <... futex resumed>) = 0 [pid 6735] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6735] <... futex resumed>) = 0 [pid 6736] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6735] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... openat resumed>) = 6 [pid 6735] <... futex resumed>) = 0 [pid 6735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6736] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6736] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] <... mprotect resumed>) = 0 [pid 6735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6737 attached [pid 6737] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6735] <... clone3 resumed> => {parent_tid=[6737]}, 88) = 6737 [pid 6737] <... rseq resumed>) = 0 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], [pid 6737] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6737] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6735] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6737] <... futex resumed>) = 0 [pid 6735] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6737] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = 0 [pid 6737] <... futex resumed>) = 1 [pid 6735] exit_group(0 [pid 6737] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6736] <... futex resumed>) = ? [pid 6736] +++ exited with 0 +++ [pid 6735] <... exit_group resumed>) = ? [pid 6737] <... futex resumed>) = ? [pid 6737] +++ exited with 0 +++ [pid 6735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6735, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./563/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./563/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./563/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./563/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./563/bus") = 0 umount2("./563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./563/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6738 attached , child_tidptr=0x5555564f6750) = 6738 [pid 6738] set_robust_list(0x5555564f6760, 24) = 0 [pid 6738] chdir("./564") = 0 [pid 6738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6738] setpgid(0, 0) = 0 [pid 6738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6738] write(3, "1000", 4) = 4 [pid 6738] close(3) = 0 [pid 6738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6738] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6739]}, 88) = 6739 ./strace-static-x86_64: Process 6739 attached [pid 6738] rt_sigprocmask(SIG_SETMASK, [], [pid 6739] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6739] <... rseq resumed>) = 0 [pid 6739] set_robust_list(0x7f6d468e79a0, 24 [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] <... set_robust_list resumed>) = 0 [pid 6739] rt_sigprocmask(SIG_SETMASK, [], [pid 6738] <... futex resumed>) = 0 [pid 6739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6739] memfd_create("syzkaller", 0) = 3 [pid 6739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6739] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6739] close(3) = 0 [pid 6739] mkdir("./bus", 0777) = 0 [pid 6739] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6739] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6739] chdir("./bus") = 0 [pid 6739] ioctl(4, LOOP_CLR_FD) = 0 [pid 6739] close(4) = 0 [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6739] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6739] memfd_create("syzkaller", 0) = 4 [pid 6739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6739] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6739] munmap(0x7f6d360cf000, 32768) = 0 [pid 6739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6739] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6739] ioctl(5, LOOP_CLR_FD) = 0 [pid 6739] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6739] close(5) = 0 [pid 6739] close(4) = 0 [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] <... futex resumed>) = 0 [pid 6739] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] <... futex resumed>) = 1 [pid 6739] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6738] <... futex resumed>) = 0 [pid 6739] <... write resumed>) = 12288 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] <... futex resumed>) = 1 [pid 6739] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] <... futex resumed>) = 1 [pid 6739] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6739] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... futex resumed>) = 0 [pid 6738] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] <... futex resumed>) = 1 [pid 6739] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6738] <... futex resumed>) = 0 [pid 6739] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6739] <... openat resumed>) = 6 [pid 6738] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6739] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6739] <... futex resumed>) = 0 [ 154.783550][ T6739] loop0: detected capacity change from 0 to 64 [pid 6739] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6740 attached [pid 6740] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6738] <... clone3 resumed> => {parent_tid=[6740]}, 88) = 6740 [pid 6740] <... rseq resumed>) = 0 [pid 6738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6738] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6740] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6740] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6740] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6738] <... futex resumed>) = 0 [pid 6740] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] exit_group(0 [pid 6740] <... futex resumed>) = ? [pid 6739] <... futex resumed>) = ? [pid 6740] +++ exited with 0 +++ [pid 6739] +++ exited with 0 +++ [pid 6738] <... exit_group resumed>) = ? [pid 6738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6738, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./564/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./564/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./564/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./564/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./564/bus") = 0 umount2("./564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./564/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 mkdir("./565", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6741 attached , child_tidptr=0x5555564f6750) = 6741 [pid 6741] set_robust_list(0x5555564f6760, 24) = 0 [pid 6741] chdir("./565") = 0 [pid 6741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6741] setpgid(0, 0) = 0 [pid 6741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6741] write(3, "1000", 4) = 4 [pid 6741] close(3) = 0 [pid 6741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6741] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6741] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6742 attached => {parent_tid=[6742]}, 88) = 6742 [pid 6742] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6741] rt_sigprocmask(SIG_SETMASK, [], [pid 6742] <... rseq resumed>) = 0 [pid 6742] set_robust_list(0x7f6d468e79a0, 24 [pid 6741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6742] <... set_robust_list resumed>) = 0 [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6741] <... futex resumed>) = 0 [pid 6742] memfd_create("syzkaller", 0 [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6742] <... memfd_create resumed>) = 3 [pid 6742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6742] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6742] close(3) = 0 [pid 6742] mkdir("./bus", 0777) = 0 [pid 6742] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6742] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6742] chdir("./bus") = 0 [pid 6742] ioctl(4, LOOP_CLR_FD) = 0 [pid 6742] close(4) = 0 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] <... futex resumed>) = 0 [pid 6742] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6742] <... futex resumed>) = 0 [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6742] memfd_create("syzkaller", 0) = 4 [pid 6742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6742] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6742] munmap(0x7f6d360cf000, 32768) = 0 [pid 6742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6742] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6742] ioctl(5, LOOP_CLR_FD) = 0 [pid 6742] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6742] close(5) = 0 [pid 6742] close(4) = 0 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] <... futex resumed>) = 0 [pid 6741] <... futex resumed>) = 1 [pid 6742] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... write resumed>) = 12288 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] <... futex resumed>) = 0 [pid 6742] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6742] <... futex resumed>) = 0 [pid 6742] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... mmap resumed>) = 0x20000000 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6742] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] <... futex resumed>) = 0 [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] <... futex resumed>) = 0 [pid 6741] <... futex resumed>) = 1 [pid 6742] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6741] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] <... futex resumed>) = 0 [pid 6742] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6741] <... futex resumed>) = 0 [pid 6742] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6741] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6741] <... futex resumed>) = 0 [pid 6741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6742] <... openat resumed>) = 6 [pid 6741] <... mmap resumed>) = 0x7f6d360b6000 [pid 6742] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6743 attached [pid 6743] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6741] <... clone3 resumed> => {parent_tid=[6743]}, 88) = 6743 [pid 6743] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6741] rt_sigprocmask(SIG_SETMASK, [], [pid 6743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6743] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6741] <... futex resumed>) = 0 [pid 6743] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6741] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6743] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6743] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] <... futex resumed>) = 0 [pid 6743] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6741] exit_group(0 [pid 6743] <... futex resumed>) = ? [pid 6742] <... futex resumed>) = ? [pid 6741] <... exit_group resumed>) = ? [ 154.905550][ T6742] loop0: detected capacity change from 0 to 64 [pid 6743] +++ exited with 0 +++ [pid 6742] +++ exited with 0 +++ [pid 6741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6741, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./565/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./565/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./565/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./565/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./565/bus") = 0 umount2("./565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./565/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6744 attached , child_tidptr=0x5555564f6750) = 6744 [pid 6744] set_robust_list(0x5555564f6760, 24) = 0 [pid 6744] chdir("./566") = 0 [pid 6744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6744] setpgid(0, 0) = 0 [pid 6744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6744] write(3, "1000", 4) = 4 [pid 6744] close(3) = 0 [pid 6744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6744] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6744] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6745 attached [pid 6745] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6744] <... clone3 resumed> => {parent_tid=[6745]}, 88) = 6745 [pid 6745] <... rseq resumed>) = 0 [pid 6744] rt_sigprocmask(SIG_SETMASK, [], [pid 6745] set_robust_list(0x7f6d468e79a0, 24 [pid 6744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6745] <... set_robust_list resumed>) = 0 [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6744] <... futex resumed>) = 0 [pid 6745] memfd_create("syzkaller", 0 [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6745] <... memfd_create resumed>) = 3 [pid 6745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6745] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6745] close(3) = 0 [pid 6745] mkdir("./bus", 0777) = 0 [pid 6745] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6745] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6745] chdir("./bus") = 0 [pid 6745] ioctl(4, LOOP_CLR_FD) = 0 [pid 6745] close(4) = 0 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6744] <... futex resumed>) = 0 [pid 6745] memfd_create("syzkaller", 0 [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6745] <... memfd_create resumed>) = 4 [pid 6745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6745] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6745] munmap(0x7f6d360cf000, 32768) = 0 [pid 6745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6745] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6745] ioctl(5, LOOP_CLR_FD) = 0 [pid 6745] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6745] close(5) = 0 [pid 6745] close(4) = 0 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6744] <... futex resumed>) = 0 [pid 6745] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] <... openat resumed>) = 4 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] <... futex resumed>) = 0 [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = 0 [pid 6744] <... futex resumed>) = 1 [pid 6745] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] <... mmap resumed>) = 0x20000000 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6744] <... futex resumed>) = 0 [pid 6745] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6744] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 155.011366][ T6745] loop0: detected capacity change from 0 to 64 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6744] <... futex resumed>) = 0 [pid 6745] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6744] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6744] <... futex resumed>) = 0 [pid 6744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6745] <... openat resumed>) = 6 [pid 6744] <... mmap resumed>) = 0x7f6d360b6000 [pid 6745] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6746 attached [pid 6746] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6744] <... clone3 resumed> => {parent_tid=[6746]}, 88) = 6746 [pid 6746] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6746] rt_sigprocmask(SIG_SETMASK, [], [pid 6744] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6746] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6744] <... futex resumed>) = 0 [pid 6746] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6746] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6744] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6744] exit_group(0 [pid 6746] <... futex resumed>) = ? [pid 6744] <... exit_group resumed>) = ? [pid 6746] +++ exited with 0 +++ [pid 6745] <... futex resumed>) = ? [pid 6745] +++ exited with 0 +++ [pid 6744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6744, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./566/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./566/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./566/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./566/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./566/bus") = 0 umount2("./566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./566/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6747 attached , child_tidptr=0x5555564f6750) = 6747 [pid 6747] set_robust_list(0x5555564f6760, 24) = 0 [pid 6747] chdir("./567") = 0 [pid 6747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6747] setpgid(0, 0) = 0 [pid 6747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6747] write(3, "1000", 4) = 4 [pid 6747] close(3) = 0 [pid 6747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6747] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6748 attached => {parent_tid=[6748]}, 88) = 6748 [pid 6748] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6747] rt_sigprocmask(SIG_SETMASK, [], [pid 6748] set_robust_list(0x7f6d468e79a0, 24 [pid 6747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6748] <... set_robust_list resumed>) = 0 [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6748] memfd_create("syzkaller", 0) = 3 [pid 6748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6748] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6748] close(3) = 0 [pid 6748] mkdir("./bus", 0777) = 0 [pid 6748] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6748] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6748] chdir("./bus") = 0 [pid 6748] ioctl(4, LOOP_CLR_FD) = 0 [pid 6748] close(4) = 0 [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6748] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6747] <... futex resumed>) = 0 [pid 6748] memfd_create("syzkaller", 0 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6748] <... memfd_create resumed>) = 4 [pid 6748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6748] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6748] munmap(0x7f6d360cf000, 32768) = 0 [pid 6748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6748] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6748] ioctl(5, LOOP_CLR_FD) = 0 [pid 6748] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6748] close(5) = 0 [pid 6748] close(4) = 0 [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6747] <... futex resumed>) = 0 [pid 6748] <... openat resumed>) = 4 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] <... futex resumed>) = 1 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... futex resumed>) = 1 [pid 6748] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] <... futex resumed>) = 1 [pid 6747] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6748] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... futex resumed>) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6748] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6747] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6747] <... futex resumed>) = 0 [pid 6747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6747] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6748] <... openat resumed>) = 6 [pid 6747] <... mprotect resumed>) = 0 [pid 6747] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6748] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6748] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6749 attached [ 155.134896][ T6748] loop0: detected capacity change from 0 to 64 [pid 6749] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6747] <... clone3 resumed> => {parent_tid=[6749]}, 88) = 6749 [pid 6749] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6747] rt_sigprocmask(SIG_SETMASK, [], [pid 6749] rt_sigprocmask(SIG_SETMASK, [], [pid 6747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6749] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6747] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6747] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6749] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6749] <... futex resumed>) = 0 [pid 6749] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] exit_group(0 [pid 6749] <... futex resumed>) = ? [pid 6747] <... exit_group resumed>) = ? [pid 6749] +++ exited with 0 +++ [pid 6748] <... futex resumed>) = ? [pid 6748] +++ exited with 0 +++ [pid 6747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6747, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./567/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./567/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./567/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./567/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./567/bus") = 0 umount2("./567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./567/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6750 attached , child_tidptr=0x5555564f6750) = 6750 [pid 6750] set_robust_list(0x5555564f6760, 24) = 0 [pid 6750] chdir("./568") = 0 [pid 6750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6750] setpgid(0, 0) = 0 [pid 6750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6750] write(3, "1000", 4) = 4 [pid 6750] close(3) = 0 [pid 6750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6750] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6751 attached [pid 6751] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6750] <... clone3 resumed> => {parent_tid=[6751]}, 88) = 6751 [pid 6751] <... rseq resumed>) = 0 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], [pid 6751] set_robust_list(0x7f6d468e79a0, 24 [pid 6750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6751] <... set_robust_list resumed>) = 0 [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] rt_sigprocmask(SIG_SETMASK, [], [pid 6750] <... futex resumed>) = 0 [pid 6751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6751] memfd_create("syzkaller", 0) = 3 [pid 6751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6751] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6751] close(3) = 0 [pid 6751] mkdir("./bus", 0777) = 0 [pid 6751] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6751] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6751] chdir("./bus") = 0 [pid 6751] ioctl(4, LOOP_CLR_FD) = 0 [pid 6751] close(4) = 0 [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] <... futex resumed>) = 1 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6751] memfd_create("syzkaller", 0) = 4 [pid 6751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6751] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6751] munmap(0x7f6d360cf000, 32768) = 0 [pid 6751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6751] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6751] ioctl(5, LOOP_CLR_FD) = 0 [pid 6751] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6751] close(5) = 0 [pid 6751] close(4) = 0 [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... futex resumed>) = 0 [pid 6751] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] <... futex resumed>) = 1 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... futex resumed>) = 0 [pid 6750] <... futex resumed>) = 1 [pid 6751] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... futex resumed>) = 0 [pid 6750] <... futex resumed>) = 1 [pid 6751] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... mmap resumed>) = 0x20000000 [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6751] <... futex resumed>) = 0 [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6750] <... futex resumed>) = 0 [pid 6751] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6750] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6751] <... futex resumed>) = 1 [pid 6751] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6751] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6750] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6751] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6752 attached => {parent_tid=[6752]}, 88) = 6752 [pid 6752] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], [pid 6752] set_robust_list(0x7f6d360d69a0, 24 [pid 6750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6752] <... set_robust_list resumed>) = 0 [pid 6750] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 6750] <... futex resumed>) = 0 [pid 6750] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6752] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6752] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6750] exit_group(0 [pid 6751] <... futex resumed>) = ? [pid 6750] <... exit_group resumed>) = ? [pid 6752] <... futex resumed>) = ? [pid 6751] +++ exited with 0 +++ [pid 6752] +++ exited with 0 +++ [pid 6750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6750, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 155.277773][ T6751] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./568/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./568/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./568/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./568/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./568/bus") = 0 umount2("./568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./568/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6753 attached , child_tidptr=0x5555564f6750) = 6753 [pid 6753] set_robust_list(0x5555564f6760, 24) = 0 [pid 6753] chdir("./569") = 0 [pid 6753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6753] setpgid(0, 0) = 0 [pid 6753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6753] write(3, "1000", 4) = 4 [pid 6753] close(3) = 0 [pid 6753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6753] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6754 attached => {parent_tid=[6754]}, 88) = 6754 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6754] <... rseq resumed>) = 0 [pid 6754] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6754] memfd_create("syzkaller", 0) = 3 [pid 6754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6754] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6754] close(3) = 0 [pid 6754] mkdir("./bus", 0777) = 0 [pid 6754] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6754] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6754] chdir("./bus") = 0 [pid 6754] ioctl(4, LOOP_CLR_FD) = 0 [pid 6754] close(4) = 0 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = 0 [pid 6754] <... futex resumed>) = 1 [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] memfd_create("syzkaller", 0 [pid 6753] <... futex resumed>) = 0 [pid 6754] <... memfd_create resumed>) = 4 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6754] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6754] munmap(0x7f6d360cf000, 32768) = 0 [pid 6754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6754] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6754] ioctl(5, LOOP_CLR_FD) = 0 [pid 6754] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6754] close(5) = 0 [pid 6754] close(4) = 0 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6754] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = 0 [pid 6753] <... futex resumed>) = 1 [pid 6754] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... openat resumed>) = 4 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6754] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6753] <... futex resumed>) = 0 [pid 6754] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... write resumed>) = 12288 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 155.399503][ T6754] loop0: detected capacity change from 0 to 64 [pid 6754] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6753] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6755 attached [pid 6755] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6753] <... clone3 resumed> => {parent_tid=[6755]}, 88) = 6755 [pid 6755] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], [pid 6755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6755] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6753] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... futex resumed>) = 0 [pid 6753] <... futex resumed>) = 1 [pid 6755] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6753] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... futex resumed>) = 1 [pid 6754] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6754] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6755] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6754] <... openat resumed>) = 6 [pid 6754] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6755] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] exit_group(0 [pid 6754] <... futex resumed>) = ? [pid 6755] <... futex resumed>) = ? [pid 6754] +++ exited with 0 +++ [pid 6753] <... exit_group resumed>) = ? [pid 6755] +++ exited with 0 +++ [pid 6753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6753, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./569/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./569/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./569/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./569/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./569/bus") = 0 umount2("./569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./569/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6756 attached , child_tidptr=0x5555564f6750) = 6756 [pid 6756] set_robust_list(0x5555564f6760, 24) = 0 [pid 6756] chdir("./570") = 0 [pid 6756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6756] setpgid(0, 0) = 0 [pid 6756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6756] write(3, "1000", 4) = 4 [pid 6756] close(3) = 0 [pid 6756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6756] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6756] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6757 attached [pid 6757] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6756] <... clone3 resumed> => {parent_tid=[6757]}, 88) = 6757 [pid 6757] <... rseq resumed>) = 0 [pid 6757] set_robust_list(0x7f6d468e79a0, 24 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], [pid 6757] <... set_robust_list resumed>) = 0 [pid 6756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6757] rt_sigprocmask(SIG_SETMASK, [], [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6756] <... futex resumed>) = 0 [pid 6757] memfd_create("syzkaller", 0 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6757] <... memfd_create resumed>) = 3 [pid 6757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6757] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6757] close(3) = 0 [pid 6757] mkdir("./bus", 0777) = 0 [pid 6757] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6757] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6757] chdir("./bus") = 0 [pid 6757] ioctl(4, LOOP_CLR_FD) = 0 [pid 6757] close(4) = 0 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 1 [pid 6757] memfd_create("syzkaller", 0) = 4 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6757] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6757] munmap(0x7f6d360cf000, 32768) = 0 [pid 6757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6757] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6757] ioctl(5, LOOP_CLR_FD) = 0 [pid 6757] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6757] close(5) = 0 [pid 6757] close(4) = 0 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] <... futex resumed>) = 0 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6757] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 1 [pid 6756] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6757] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 155.521650][ T6757] loop0: detected capacity change from 0 to 64 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6756] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6757] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6758 attached [pid 6758] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6756] <... clone3 resumed> => {parent_tid=[6758]}, 88) = 6758 [pid 6758] set_robust_list(0x7f6d360d69a0, 24 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], [pid 6758] <... set_robust_list resumed>) = 0 [pid 6756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6758] rt_sigprocmask(SIG_SETMASK, [], [pid 6756] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6758] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6756] <... futex resumed>) = 0 [pid 6758] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6756] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6758] <... futex resumed>) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6758] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6757] <... openat resumed>) = 6 [pid 6757] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] exit_group(0 [pid 6758] <... futex resumed>) = ? [pid 6756] <... exit_group resumed>) = ? [pid 6758] +++ exited with 0 +++ [pid 6757] <... futex resumed>) = ? [pid 6757] +++ exited with 0 +++ [pid 6756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6756, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./570/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./570/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./570/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./570/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./570/bus") = 0 umount2("./570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./570/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6759 attached , child_tidptr=0x5555564f6750) = 6759 [pid 6759] set_robust_list(0x5555564f6760, 24) = 0 [pid 6759] chdir("./571") = 0 [pid 6759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6759] setpgid(0, 0) = 0 [pid 6759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6759] write(3, "1000", 4) = 4 [pid 6759] close(3) = 0 [pid 6759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6759] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6760 attached => {parent_tid=[6760]}, 88) = 6760 [pid 6759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6760] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6760] memfd_create("syzkaller", 0) = 3 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6760] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6760] close(3) = 0 [pid 6760] mkdir("./bus", 0777) = 0 [pid 6760] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6760] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6760] chdir("./bus") = 0 [pid 6760] ioctl(4, LOOP_CLR_FD) = 0 [pid 6760] close(4) = 0 [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] <... futex resumed>) = 0 [pid 6760] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6760] memfd_create("syzkaller", 0 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] <... memfd_create resumed>) = 4 [pid 6760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6760] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6760] munmap(0x7f6d360cf000, 32768) = 0 [pid 6760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6760] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6760] ioctl(5, LOOP_CLR_FD) = 0 [pid 6760] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6760] close(5) = 0 [pid 6760] close(4) = 0 [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] <... futex resumed>) = 0 [pid 6760] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... openat resumed>) = 4 [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6760] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] <... futex resumed>) = 0 [pid 6759] <... futex resumed>) = 1 [pid 6760] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... write resumed>) = 12288 [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [ 155.643121][ T6760] loop0: detected capacity change from 0 to 64 [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6760] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6760] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6760] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] <... futex resumed>) = 0 [pid 6759] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6759] <... futex resumed>) = 0 [pid 6760] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6759] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] <... openat resumed>) = 6 [pid 6759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6759] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6760] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... mprotect resumed>) = 0 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6761 attached => {parent_tid=[6761]}, 88) = 6761 [pid 6759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6759] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6761] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6761] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6761] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6761] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] <... futex resumed>) = 0 [pid 6761] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] exit_group(0 [pid 6761] <... futex resumed>) = ? [pid 6760] <... futex resumed>) = ? [pid 6761] +++ exited with 0 +++ [pid 6760] +++ exited with 0 +++ [pid 6759] <... exit_group resumed>) = ? [pid 6759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6759, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./571/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./571/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./571/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./571/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./571/bus") = 0 umount2("./571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./571/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6762 attached , child_tidptr=0x5555564f6750) = 6762 [pid 6762] set_robust_list(0x5555564f6760, 24) = 0 [pid 6762] chdir("./572") = 0 [pid 6762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6762] setpgid(0, 0) = 0 [pid 6762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6762] write(3, "1000", 4) = 4 [pid 6762] close(3) = 0 [pid 6762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6762] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6762] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6763 attached => {parent_tid=[6763]}, 88) = 6763 [pid 6763] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6762] rt_sigprocmask(SIG_SETMASK, [], [pid 6763] <... rseq resumed>) = 0 [pid 6762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6763] set_robust_list(0x7f6d468e79a0, 24 [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... set_robust_list resumed>) = 0 [pid 6762] <... futex resumed>) = 0 [pid 6763] rt_sigprocmask(SIG_SETMASK, [], [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6763] memfd_create("syzkaller", 0) = 3 [pid 6763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6763] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6763] close(3) = 0 [pid 6763] mkdir("./bus", 0777) = 0 [pid 6763] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6763] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6763] chdir("./bus") = 0 [pid 6763] ioctl(4, LOOP_CLR_FD) = 0 [pid 6763] close(4) = 0 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6763] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 6763] memfd_create("syzkaller", 0 [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6763] <... memfd_create resumed>) = 4 [pid 6763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6763] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6763] munmap(0x7f6d360cf000, 32768) = 0 [pid 6763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6763] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6763] ioctl(5, LOOP_CLR_FD) = 0 [pid 6763] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6763] close(5) = 0 [pid 6763] close(4) = 0 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6763] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6763] <... futex resumed>) = 0 [pid 6763] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... openat resumed>) = 4 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = 0 [pid 6763] <... futex resumed>) = 1 [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... write resumed>) = 12288 [ 155.788467][ T6763] loop0: detected capacity change from 0 to 64 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = 1 [pid 6763] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = 0 [pid 6763] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6762] <... futex resumed>) = 0 [pid 6763] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6762] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... openat resumed>) = 5 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6763] <... futex resumed>) = 1 [pid 6762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6763] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6762] <... mmap resumed>) = 0x7f6d360b6000 [pid 6763] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6762] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6764]}, 88) = 6764 ./strace-static-x86_64: Process 6764 attached [pid 6763] <... openat resumed>) = 6 [pid 6762] rt_sigprocmask(SIG_SETMASK, [], [pid 6764] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6763] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] set_robust_list(0x7f6d360d69a0, 24 [pid 6762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6764] <... set_robust_list resumed>) = 0 [pid 6764] rt_sigprocmask(SIG_SETMASK, [], [pid 6763] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6764] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6763] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6764] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6764] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6764] <... futex resumed>) = 0 [pid 6762] exit_group(0 [pid 6763] <... futex resumed>) = ? [pid 6763] +++ exited with 0 +++ [pid 6762] <... exit_group resumed>) = ? [pid 6764] +++ exited with 0 +++ [pid 6762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6762, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./572/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./572/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./572/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./572/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./572/bus") = 0 umount2("./572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./572/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6765 ./strace-static-x86_64: Process 6765 attached [pid 6765] set_robust_list(0x5555564f6760, 24) = 0 [pid 6765] chdir("./573") = 0 [pid 6765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6765] setpgid(0, 0) = 0 [pid 6765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6765] write(3, "1000", 4) = 4 [pid 6765] close(3) = 0 [pid 6765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6765] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6766 attached [pid 6766] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6766] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6765] <... clone3 resumed> => {parent_tid=[6766]}, 88) = 6766 [pid 6766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6765] rt_sigprocmask(SIG_SETMASK, [], [pid 6766] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... futex resumed>) = 0 [pid 6765] <... futex resumed>) = 1 [pid 6766] memfd_create("syzkaller", 0 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6766] <... memfd_create resumed>) = 3 [pid 6766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6766] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6766] close(3) = 0 [pid 6766] mkdir("./bus", 0777) = 0 [pid 6766] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6766] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6766] chdir("./bus") = 0 [pid 6766] ioctl(4, LOOP_CLR_FD) = 0 [pid 6766] close(4) = 0 [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6766] <... futex resumed>) = 1 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] memfd_create("syzkaller", 0 [pid 6765] <... futex resumed>) = 0 [pid 6766] <... memfd_create resumed>) = 4 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6766] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6766] munmap(0x7f6d360cf000, 32768) = 0 [pid 6766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6766] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6766] ioctl(5, LOOP_CLR_FD) = 0 [pid 6766] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6766] close(5) = 0 [pid 6766] close(4) = 0 [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6766] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... openat resumed>) = 4 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] <... futex resumed>) = 1 [pid 6766] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6766] <... futex resumed>) = 1 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6765] <... futex resumed>) = 0 [pid 6766] <... mmap resumed>) = 0x20000000 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] <... futex resumed>) = 1 [pid 6766] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6766] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... futex resumed>) = 1 [pid 6766] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6765] <... futex resumed>) = 0 [pid 6766] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6765] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... openat resumed>) = 6 [pid 6765] <... futex resumed>) = 0 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6765] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6766] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] <... mprotect resumed>) = 0 [pid 6766] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6767 attached => {parent_tid=[6767]}, 88) = 6767 [pid 6767] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6765] rt_sigprocmask(SIG_SETMASK, [], [pid 6767] set_robust_list(0x7f6d360d69a0, 24 [pid 6765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6767] <... set_robust_list resumed>) = 0 [pid 6765] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] rt_sigprocmask(SIG_SETMASK, [], [pid 6765] <... futex resumed>) = 0 [pid 6767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6765] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6767] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6767] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] exit_group(0 [pid 6767] <... futex resumed>) = ? [pid 6766] <... futex resumed>) = ? [pid 6767] +++ exited with 0 +++ [pid 6766] +++ exited with 0 +++ [pid 6765] <... exit_group resumed>) = ? [pid 6765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6765, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 155.935699][ T6766] loop0: detected capacity change from 0 to 64 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./573/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./573/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./573/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./573/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./573/bus") = 0 umount2("./573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./573/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6768 ./strace-static-x86_64: Process 6768 attached [pid 6768] set_robust_list(0x5555564f6760, 24) = 0 [pid 6768] chdir("./574") = 0 [pid 6768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6768] setpgid(0, 0) = 0 [pid 6768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6768] write(3, "1000", 4) = 4 [pid 6768] close(3) = 0 [pid 6768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6768] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6769 attached => {parent_tid=[6769]}, 88) = 6769 [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6769] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6769] <... rseq resumed>) = 0 [pid 6769] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6769] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6769] memfd_create("syzkaller", 0) = 3 [pid 6769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6769] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6769] close(3) = 0 [pid 6769] mkdir("./bus", 0777) = 0 [pid 6769] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6769] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6769] chdir("./bus") = 0 [pid 6769] ioctl(4, LOOP_CLR_FD) = 0 [pid 6769] close(4) = 0 [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] memfd_create("syzkaller", 0 [pid 6768] <... futex resumed>) = 0 [pid 6769] <... memfd_create resumed>) = 4 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6769] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6769] munmap(0x7f6d360cf000, 32768) = 0 [pid 6769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6769] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6769] ioctl(5, LOOP_CLR_FD) = 0 [pid 6769] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6769] close(5) = 0 [pid 6769] close(4) = 0 [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6769] <... futex resumed>) = 1 [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6768] <... futex resumed>) = 0 [pid 6769] <... openat resumed>) = 4 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... futex resumed>) = 1 [pid 6769] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6769] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... mmap resumed>) = 0x20000000 [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6769] <... futex resumed>) = 1 [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6769] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6769] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6768] <... mmap resumed>) = 0x7f6d360b6000 [pid 6769] <... openat resumed>) = 6 [pid 6768] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 156.059214][ T6769] loop0: detected capacity change from 0 to 64 [pid 6769] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6770 attached => {parent_tid=[6770]}, 88) = 6770 [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6770] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6770] set_robust_list(0x7f6d360d69a0, 24 [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] <... set_robust_list resumed>) = 0 [pid 6770] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6768] <... futex resumed>) = 0 [pid 6770] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6768] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6770] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6770] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] <... futex resumed>) = 0 [pid 6768] exit_group(0 [pid 6770] <... futex resumed>) = ? [pid 6769] <... futex resumed>) = ? [pid 6768] <... exit_group resumed>) = ? [pid 6770] +++ exited with 0 +++ [pid 6769] +++ exited with 0 +++ [pid 6768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6768, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./574/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./574/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./574/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./574/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./574/bus") = 0 umount2("./574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./574/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6771 attached [pid 6771] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6771 [pid 6771] chdir("./575") = 0 [pid 6771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6771] setpgid(0, 0) = 0 [pid 6771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6771] write(3, "1000", 4) = 4 [pid 6771] close(3) = 0 [pid 6771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6771] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6772 attached => {parent_tid=[6772]}, 88) = 6772 [pid 6772] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] <... rseq resumed>) = 0 [pid 6771] <... futex resumed>) = 0 [pid 6772] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6772] memfd_create("syzkaller", 0) = 3 [pid 6772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6772] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6772] close(3) = 0 [pid 6772] mkdir("./bus", 0777) = 0 [pid 6772] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6772] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6772] chdir("./bus") = 0 [pid 6772] ioctl(4, LOOP_CLR_FD) = 0 [pid 6772] close(4) = 0 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6772] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6772] memfd_create("syzkaller", 0) = 4 [pid 6772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6772] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6772] munmap(0x7f6d360cf000, 32768) = 0 [pid 6772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6772] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6772] ioctl(5, LOOP_CLR_FD) = 0 [pid 6772] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6772] close(5) = 0 [pid 6772] close(4) = 0 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] <... futex resumed>) = 0 [pid 6771] <... futex resumed>) = 1 [pid 6772] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] <... openat resumed>) = 4 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] <... mmap resumed>) = 0x20000000 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6771] <... futex resumed>) = 0 [pid 6772] <... futex resumed>) = 1 [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6771] <... futex resumed>) = 0 [pid 6772] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [ 156.196938][ T6772] loop0: detected capacity change from 0 to 64 [pid 6771] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] <... openat resumed>) = 5 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6771] <... futex resumed>) = 0 [pid 6772] <... futex resumed>) = 1 [pid 6771] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6771] <... futex resumed>) = 0 [pid 6772] <... openat resumed>) = 6 [pid 6771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6772] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6772] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6771] <... mprotect resumed>) = 0 [pid 6771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6773 attached [pid 6773] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6771] <... clone3 resumed> => {parent_tid=[6773]}, 88) = 6773 [pid 6773] <... rseq resumed>) = 0 [pid 6771] rt_sigprocmask(SIG_SETMASK, [], [pid 6773] set_robust_list(0x7f6d360d69a0, 24 [pid 6771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6771] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6773] <... set_robust_list resumed>) = 0 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6773] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6773] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6771] <... futex resumed>) = 0 [pid 6771] exit_group(0 [pid 6773] <... futex resumed>) = ? [pid 6771] <... exit_group resumed>) = ? [pid 6773] +++ exited with 0 +++ [pid 6772] <... futex resumed>) = ? [pid 6772] +++ exited with 0 +++ [pid 6771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6771, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./575/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./575/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./575/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./575/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/bus") = 0 umount2("./575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./575/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6774 attached , child_tidptr=0x5555564f6750) = 6774 [pid 6774] set_robust_list(0x5555564f6760, 24) = 0 [pid 6774] chdir("./576") = 0 [pid 6774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6774] setpgid(0, 0) = 0 [pid 6774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6774] write(3, "1000", 4) = 4 [pid 6774] close(3) = 0 [pid 6774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6774] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6775 attached [pid 6775] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6775] set_robust_list(0x7f6d468e79a0, 24 [pid 6774] <... clone3 resumed> => {parent_tid=[6775]}, 88) = 6775 [pid 6775] <... set_robust_list resumed>) = 0 [pid 6775] rt_sigprocmask(SIG_SETMASK, [], [pid 6774] rt_sigprocmask(SIG_SETMASK, [], [pid 6775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6775] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6775] memfd_create("syzkaller", 0 [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6775] <... memfd_create resumed>) = 3 [pid 6775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6775] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6775] close(3) = 0 [pid 6775] mkdir("./bus", 0777) = 0 [pid 6775] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6775] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6775] chdir("./bus") = 0 [pid 6775] ioctl(4, LOOP_CLR_FD) = 0 [pid 6775] close(4) = 0 [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6775] memfd_create("syzkaller", 0) = 4 [pid 6775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6775] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6775] munmap(0x7f6d360cf000, 32768) = 0 [pid 6775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6775] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6775] ioctl(5, LOOP_CLR_FD) = 0 [pid 6775] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6775] close(5) = 0 [pid 6775] close(4) = 0 [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6774] <... futex resumed>) = 0 [ 156.352418][ T6775] loop0: detected capacity change from 0 to 64 [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] <... openat resumed>) = 4 [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6775] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6774] <... futex resumed>) = 0 [pid 6775] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] <... write resumed>) = 12288 [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6775] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6774] <... futex resumed>) = 0 [pid 6775] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] <... mmap resumed>) = 0x20000000 [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6775] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6774] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6774] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6775] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6774] <... mmap resumed>) = 0x7f6d360b6000 [pid 6774] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6775] <... openat resumed>) = 6 [pid 6774] <... mprotect resumed>) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6775] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6775] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6776 attached [pid 6776] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6776] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6776] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... clone3 resumed> => {parent_tid=[6776]}, 88) = 6776 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6776] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6774] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6776] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6776] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = 0 [pid 6774] exit_group(0 [pid 6776] <... futex resumed>) = ? [pid 6775] <... futex resumed>) = ? [pid 6774] <... exit_group resumed>) = ? [pid 6776] +++ exited with 0 +++ [pid 6775] +++ exited with 0 +++ [pid 6774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6774, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./576/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./576/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./576/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./576/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/bus") = 0 umount2("./576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./576/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6777 ./strace-static-x86_64: Process 6777 attached [pid 6777] set_robust_list(0x5555564f6760, 24) = 0 [pid 6777] chdir("./577") = 0 [pid 6777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6777] setpgid(0, 0) = 0 [pid 6777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6777] write(3, "1000", 4) = 4 [pid 6777] close(3) = 0 [pid 6777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6777] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6777] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6778]}, 88) = 6778 ./strace-static-x86_64: Process 6778 attached [pid 6778] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6777] rt_sigprocmask(SIG_SETMASK, [], [pid 6778] <... rseq resumed>) = 0 [pid 6778] set_robust_list(0x7f6d468e79a0, 24 [pid 6777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6778] <... set_robust_list resumed>) = 0 [pid 6778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6778] memfd_create("syzkaller", 0) = 3 [pid 6778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6778] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6778] close(3) = 0 [pid 6778] mkdir("./bus", 0777) = 0 [pid 6778] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6778] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6778] chdir("./bus") = 0 [pid 6778] ioctl(4, LOOP_CLR_FD) = 0 [pid 6778] close(4) = 0 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6778] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6777] <... futex resumed>) = 0 [pid 6778] memfd_create("syzkaller", 0 [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6778] <... memfd_create resumed>) = 4 [pid 6778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6778] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6778] munmap(0x7f6d360cf000, 32768) = 0 [pid 6778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6778] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6778] ioctl(5, LOOP_CLR_FD) = 0 [pid 6778] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6778] close(5) = 0 [pid 6778] close(4) = 0 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6778] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6778] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... futex resumed>) = 0 [pid 6777] <... futex resumed>) = 1 [pid 6778] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... write resumed>) = 12288 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6778] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6778] <... futex resumed>) = 0 [pid 6778] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... mmap resumed>) = 0x20000000 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6778] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6777] <... futex resumed>) = 0 [pid 6778] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6777] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 156.496980][ T6778] loop0: detected capacity change from 0 to 64 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6777] <... futex resumed>) = 0 [pid 6778] <... openat resumed>) = 6 [pid 6777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6778] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... mmap resumed>) = 0x7f6d360b6000 [pid 6778] <... futex resumed>) = 0 [pid 6777] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6778] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] <... mprotect resumed>) = 0 [pid 6777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6779 attached => {parent_tid=[6779]}, 88) = 6779 [pid 6779] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6779] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6779] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6777] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] <... futex resumed>) = 0 [pid 6777] <... futex resumed>) = 1 [pid 6779] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6777] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6779] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6779] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] exit_group(0 [pid 6779] <... futex resumed>) = ? [pid 6778] <... futex resumed>) = ? [pid 6777] <... exit_group resumed>) = ? [pid 6779] +++ exited with 0 +++ [pid 6778] +++ exited with 0 +++ [pid 6777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6777, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./577/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./577/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./577/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./577/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/bus") = 0 umount2("./577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./577/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6780 ./strace-static-x86_64: Process 6780 attached [pid 6780] set_robust_list(0x5555564f6760, 24) = 0 [pid 6780] chdir("./578") = 0 [pid 6780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6780] setpgid(0, 0) = 0 [pid 6780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6780] write(3, "1000", 4) = 4 [pid 6780] close(3) = 0 [pid 6780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6780] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6780] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6781]}, 88) = 6781 ./strace-static-x86_64: Process 6781 attached [pid 6781] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6781] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6780] rt_sigprocmask(SIG_SETMASK, [], [pid 6781] rt_sigprocmask(SIG_SETMASK, [], [pid 6780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] memfd_create("syzkaller", 0 [pid 6780] <... futex resumed>) = 0 [pid 6781] <... memfd_create resumed>) = 3 [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6781] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6781] close(3) = 0 [pid 6781] mkdir("./bus", 0777) = 0 [pid 6781] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6781] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6781] chdir("./bus") = 0 [pid 6781] ioctl(4, LOOP_CLR_FD) = 0 [pid 6781] close(4) = 0 [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6781] memfd_create("syzkaller", 0) = 4 [pid 6781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6781] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6781] munmap(0x7f6d360cf000, 32768) = 0 [pid 6781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6781] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6781] ioctl(5, LOOP_CLR_FD) = 0 [pid 6781] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6781] close(5) = 0 [pid 6781] close(4) = 0 [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6781] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] <... futex resumed>) = 0 [pid 6780] <... futex resumed>) = 1 [pid 6781] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] <... openat resumed>) = 4 [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] <... futex resumed>) = 1 [pid 6781] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] <... futex resumed>) = 1 [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] <... futex resumed>) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6781] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6780] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6781] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] <... futex resumed>) = 0 [pid 6781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6780] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6780] <... futex resumed>) = 0 [pid 6780] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6781] <... openat resumed>) = 6 [pid 6780] <... mmap resumed>) = 0x7f6d360b6000 [pid 6780] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6781] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... mprotect resumed>) = 0 [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6780] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6782]}, 88) = 6782 ./strace-static-x86_64: Process 6782 attached [pid 6782] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6780] rt_sigprocmask(SIG_SETMASK, [], [pid 6782] <... rseq resumed>) = 0 [pid 6780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6782] set_robust_list(0x7f6d360d69a0, 24 [pid 6780] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] <... set_robust_list resumed>) = 0 [pid 6780] <... futex resumed>) = 0 [ 156.635826][ T6781] loop0: detected capacity change from 0 to 64 [pid 6780] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6782] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6782] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6782] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6780] exit_group(0 [pid 6782] <... futex resumed>) = ? [pid 6782] +++ exited with 0 +++ [pid 6781] <... futex resumed>) = ? [pid 6780] <... exit_group resumed>) = ? [pid 6781] +++ exited with 0 +++ [pid 6780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6780, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./578/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./578/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./578/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./578/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./578/bus") = 0 umount2("./578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./578/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6783 attached , child_tidptr=0x5555564f6750) = 6783 [pid 6783] set_robust_list(0x5555564f6760, 24) = 0 [pid 6783] chdir("./579") = 0 [pid 6783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6783] setpgid(0, 0) = 0 [pid 6783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6783] write(3, "1000", 4) = 4 [pid 6783] close(3) = 0 [pid 6783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6783] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6784]}, 88) = 6784 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6784 attached [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6784] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6784] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6784] memfd_create("syzkaller", 0) = 3 [pid 6784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6784] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6784] close(3) = 0 [pid 6784] mkdir("./bus", 0777) = 0 [pid 6784] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6784] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6784] chdir("./bus") = 0 [pid 6784] ioctl(4, LOOP_CLR_FD) = 0 [pid 6784] close(4) = 0 [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = 1 [pid 6784] memfd_create("syzkaller", 0 [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6784] <... memfd_create resumed>) = 4 [pid 6784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6784] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6784] munmap(0x7f6d360cf000, 32768) = 0 [pid 6784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6784] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6784] ioctl(5, LOOP_CLR_FD) = 0 [pid 6784] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6784] close(5) = 0 [pid 6784] close(4) = 0 [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = 1 [pid 6784] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... openat resumed>) = 4 [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... write resumed>) = 12288 [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = 1 [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 156.746666][ T6784] loop0: detected capacity change from 0 to 64 [pid 6783] <... futex resumed>) = 0 [pid 6784] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6783] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6784] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6783] <... mmap resumed>) = 0x7f6d360b6000 [pid 6784] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6783] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6783] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6784] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6785]}, 88) = 6785 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6783] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6785 attached [pid 6785] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6785] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6785] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6785] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6785] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] exit_group(0 [pid 6785] <... futex resumed>) = ? [pid 6783] <... exit_group resumed>) = ? [pid 6784] <... futex resumed>) = ? [pid 6784] +++ exited with 0 +++ [pid 6785] +++ exited with 0 +++ [pid 6783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6783, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./579/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./579/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./579/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./579/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./579/bus") = 0 umount2("./579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./579/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6786 attached , child_tidptr=0x5555564f6750) = 6786 [pid 6786] set_robust_list(0x5555564f6760, 24) = 0 [pid 6786] chdir("./580") = 0 [pid 6786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6786] setpgid(0, 0) = 0 [pid 6786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6786] write(3, "1000", 4) = 4 [pid 6786] close(3) = 0 [pid 6786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6786] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6787 attached [pid 6787] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6787] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6787] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] <... clone3 resumed> => {parent_tid=[6787]}, 88) = 6787 [pid 6786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] <... futex resumed>) = 0 [pid 6786] <... futex resumed>) = 1 [pid 6787] memfd_create("syzkaller", 0 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6787] <... memfd_create resumed>) = 3 [pid 6787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6787] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6787] close(3) = 0 [pid 6787] mkdir("./bus", 0777) = 0 [pid 6787] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6787] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6787] chdir("./bus") = 0 [pid 6787] ioctl(4, LOOP_CLR_FD) = 0 [pid 6787] close(4) = 0 [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] <... futex resumed>) = 1 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6787] memfd_create("syzkaller", 0) = 4 [pid 6787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6787] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6787] munmap(0x7f6d360cf000, 32768) = 0 [pid 6787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6787] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6787] ioctl(5, LOOP_CLR_FD) = 0 [pid 6787] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6787] close(5) = 0 [pid 6787] close(4) = 0 [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6787] <... futex resumed>) = 1 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6786] <... futex resumed>) = 0 [pid 6787] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] <... write resumed>) = 12288 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 1 [pid 6787] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... futex resumed>) = 1 [pid 6787] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6787] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6786] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] <... futex resumed>) = 1 [pid 6787] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6786] <... futex resumed>) = 0 [pid 6787] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6786] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6787] <... openat resumed>) = 6 [pid 6786] <... mmap resumed>) = 0x7f6d360b6000 [pid 6787] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6787] <... futex resumed>) = 0 [pid 6787] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] <... mprotect resumed>) = 0 [pid 6786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6788 attached => {parent_tid=[6788]}, 88) = 6788 [pid 6786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6786] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 156.885231][ T6787] loop0: detected capacity change from 0 to 64 [pid 6788] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6788] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6788] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6788] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6788] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6786] <... futex resumed>) = 0 [pid 6786] exit_group(0 [pid 6787] <... futex resumed>) = ? [pid 6788] <... futex resumed>) = ? [pid 6788] +++ exited with 0 +++ [pid 6787] +++ exited with 0 +++ [pid 6786] <... exit_group resumed>) = ? [pid 6786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6786, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./580/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./580/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./580/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./580/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./580/bus") = 0 umount2("./580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./580/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6789 attached [pid 6789] set_robust_list(0x5555564f6760, 24 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6789 [pid 6789] <... set_robust_list resumed>) = 0 [pid 6789] chdir("./581") = 0 [pid 6789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6789] setpgid(0, 0) = 0 [pid 6789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6789] write(3, "1000", 4) = 4 [pid 6789] close(3) = 0 [pid 6789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6789] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6790 attached [pid 6790] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6789] <... clone3 resumed> => {parent_tid=[6790]}, 88) = 6790 [pid 6790] <... rseq resumed>) = 0 [pid 6789] rt_sigprocmask(SIG_SETMASK, [], [pid 6790] set_robust_list(0x7f6d468e79a0, 24 [pid 6789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6790] <... set_robust_list resumed>) = 0 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] rt_sigprocmask(SIG_SETMASK, [], [pid 6789] <... futex resumed>) = 0 [pid 6790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6790] memfd_create("syzkaller", 0) = 3 [pid 6790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6790] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6790] close(3) = 0 [pid 6790] mkdir("./bus", 0777) = 0 [pid 6790] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6790] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6790] chdir("./bus") = 0 [pid 6790] ioctl(4, LOOP_CLR_FD) = 0 [pid 6790] close(4) = 0 [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6790] memfd_create("syzkaller", 0 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6790] <... memfd_create resumed>) = 4 [pid 6790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6790] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6790] munmap(0x7f6d360cf000, 32768) = 0 [pid 6790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6790] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6790] ioctl(5, LOOP_CLR_FD) = 0 [pid 6790] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6790] close(5) = 0 [pid 6790] close(4) = 0 [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6790] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... futex resumed>) = 0 [pid 6789] <... futex resumed>) = 1 [pid 6790] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... openat resumed>) = 4 [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6790] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... write resumed>) = 12288 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6790] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... mmap resumed>) = 0x20000000 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6789] <... futex resumed>) = 0 [pid 6790] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6789] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... openat resumed>) = 5 [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6790] <... futex resumed>) = 1 [pid 6789] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6790] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6789] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6790] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6789] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6791 attached [pid 6791] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6789] <... clone3 resumed> => {parent_tid=[6791]}, 88) = 6791 [pid 6791] <... rseq resumed>) = 0 [pid 6790] <... openat resumed>) = 6 [pid 6789] rt_sigprocmask(SIG_SETMASK, [], [pid 6791] set_robust_list(0x7f6d360d69a0, 24 [pid 6789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6791] <... set_robust_list resumed>) = 0 [pid 6789] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] rt_sigprocmask(SIG_SETMASK, [], [pid 6789] <... futex resumed>) = 0 [pid 6791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6791] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6790] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... futex resumed>) = 0 [ 157.012584][ T6790] loop0: detected capacity change from 0 to 64 [pid 6790] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6791] <... futex resumed>) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6791] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] exit_group(0 [pid 6791] <... futex resumed>) = ? [pid 6790] <... futex resumed>) = ? [pid 6789] <... exit_group resumed>) = ? [pid 6791] +++ exited with 0 +++ [pid 6790] +++ exited with 0 +++ [pid 6789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6789, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./581/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./581/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./581/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./581/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./581/bus") = 0 umount2("./581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./581/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6792 attached , child_tidptr=0x5555564f6750) = 6792 [pid 6792] set_robust_list(0x5555564f6760, 24) = 0 [pid 6792] chdir("./582") = 0 [pid 6792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6792] setpgid(0, 0) = 0 [pid 6792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6792] write(3, "1000", 4) = 4 [pid 6792] close(3) = 0 [pid 6792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6792] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6793 attached => {parent_tid=[6793]}, 88) = 6793 [pid 6792] rt_sigprocmask(SIG_SETMASK, [], [pid 6793] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6793] set_robust_list(0x7f6d468e79a0, 24 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... set_robust_list resumed>) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], [pid 6792] <... futex resumed>) = 0 [pid 6793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6793] memfd_create("syzkaller", 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6793] <... memfd_create resumed>) = 3 [pid 6793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6793] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6793] close(3) = 0 [pid 6793] mkdir("./bus", 0777) = 0 [pid 6793] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6793] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6793] chdir("./bus") = 0 [pid 6793] ioctl(4, LOOP_CLR_FD) = 0 [pid 6793] close(4) = 0 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6793] <... futex resumed>) = 1 [pid 6793] memfd_create("syzkaller", 0) = 4 [pid 6793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6793] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6793] munmap(0x7f6d360cf000, 32768) = 0 [pid 6793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6793] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6793] ioctl(5, LOOP_CLR_FD) = 0 [pid 6793] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6793] close(5) = 0 [pid 6793] close(4) = 0 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... futex resumed>) = 1 [pid 6793] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6793] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... write resumed>) = 12288 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... futex resumed>) = 1 [pid 6793] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... futex resumed>) = 1 [pid 6793] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6793] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6793] <... futex resumed>) = 1 [pid 6792] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6792] <... futex resumed>) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6793] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6792] <... mmap resumed>) = 0x7f6d360b6000 [pid 6792] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6793] <... openat resumed>) = 6 [pid 6792] <... mprotect resumed>) = 0 [ 157.137732][ T6793] loop0: detected capacity change from 0 to 64 [pid 6792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6794 attached [pid 6794] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6793] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... rseq resumed>) = 0 [pid 6794] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... clone3 resumed> => {parent_tid=[6794]}, 88) = 6794 [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 6793] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6792] <... futex resumed>) = 0 [pid 6794] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6792] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6794] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6794] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] exit_group(0 [pid 6793] <... futex resumed>) = ? [pid 6794] <... futex resumed>) = ? [pid 6793] +++ exited with 0 +++ [pid 6794] +++ exited with 0 +++ [pid 6792] <... exit_group resumed>) = ? [pid 6792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6792, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./582/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./582/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./582/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./582/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./582/bus") = 0 umount2("./582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./582/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6795 attached , child_tidptr=0x5555564f6750) = 6795 [pid 6795] set_robust_list(0x5555564f6760, 24) = 0 [pid 6795] chdir("./583") = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6795] write(3, "1000", 4) = 4 [pid 6795] close(3) = 0 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6795] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6796 attached => {parent_tid=[6796]}, 88) = 6796 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6796] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6795] <... futex resumed>) = 0 [pid 6796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6796] memfd_create("syzkaller", 0) = 3 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6796] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6796] close(3) = 0 [pid 6796] mkdir("./bus", 0777) = 0 [pid 6796] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6796] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6796] chdir("./bus") = 0 [pid 6796] ioctl(4, LOOP_CLR_FD) = 0 [pid 6796] close(4) = 0 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6796] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 6796] memfd_create("syzkaller", 0 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6796] <... memfd_create resumed>) = 4 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6796] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6796] munmap(0x7f6d360cf000, 32768) = 0 [pid 6796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6796] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6796] ioctl(5, LOOP_CLR_FD) = 0 [pid 6796] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6796] close(5) = 0 [pid 6796] close(4) = 0 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6796] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 6796] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... openat resumed>) = 4 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 6796] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... write resumed>) = 12288 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6796] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... mmap resumed>) = 0x20000000 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6795] <... futex resumed>) = 0 [pid 6796] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6795] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... openat resumed>) = 5 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6795] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... openat resumed>) = 6 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... mmap resumed>) = 0x7f6d360b6000 [pid 6796] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6797 attached [ 157.263237][ T6796] loop0: detected capacity change from 0 to 64 [pid 6797] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6795] <... clone3 resumed> => {parent_tid=[6797]}, 88) = 6797 [pid 6797] <... rseq resumed>) = 0 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6797] set_robust_list(0x7f6d360d69a0, 24 [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6797] <... set_robust_list resumed>) = 0 [pid 6795] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... futex resumed>) = 0 [pid 6797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6795] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6797] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6797] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] exit_group(0 [pid 6797] <... futex resumed>) = ? [pid 6796] <... futex resumed>) = ? [pid 6795] <... exit_group resumed>) = ? [pid 6797] +++ exited with 0 +++ [pid 6796] +++ exited with 0 +++ [pid 6795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6795, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./583/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./583/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./583/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./583/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./583/bus") = 0 umount2("./583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./583/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6798 ./strace-static-x86_64: Process 6798 attached [pid 6798] set_robust_list(0x5555564f6760, 24) = 0 [pid 6798] chdir("./584") = 0 [pid 6798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6798] setpgid(0, 0) = 0 [pid 6798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6798] write(3, "1000", 4) = 4 [pid 6798] close(3) = 0 [pid 6798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6798] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6799 attached [pid 6799] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6798] <... clone3 resumed> => {parent_tid=[6799]}, 88) = 6799 [pid 6799] <... rseq resumed>) = 0 [pid 6798] rt_sigprocmask(SIG_SETMASK, [], [pid 6799] set_robust_list(0x7f6d468e79a0, 24 [pid 6798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6799] <... set_robust_list resumed>) = 0 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6798] <... futex resumed>) = 0 [pid 6799] memfd_create("syzkaller", 0 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6799] <... memfd_create resumed>) = 3 [pid 6799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6799] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6799] close(3) = 0 [pid 6799] mkdir("./bus", 0777) = 0 [pid 6799] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6799] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6799] chdir("./bus") = 0 [pid 6799] ioctl(4, LOOP_CLR_FD) = 0 [pid 6799] close(4) = 0 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... futex resumed>) = 0 [pid 6798] <... futex resumed>) = 1 [pid 6799] memfd_create("syzkaller", 0 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6799] <... memfd_create resumed>) = 4 [pid 6799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6799] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6799] munmap(0x7f6d360cf000, 32768) = 0 [pid 6799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6799] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6799] ioctl(5, LOOP_CLR_FD) = 0 [pid 6799] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6799] close(5) = 0 [pid 6799] close(4) = 0 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6799] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] <... openat resumed>) = 4 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6799] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] <... write resumed>) = 12288 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] <... futex resumed>) = 1 [pid 6799] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] <... futex resumed>) = 1 [pid 6798] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6799] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... futex resumed>) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6799] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6798] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6798] <... futex resumed>) = 0 [pid 6799] <... openat resumed>) = 6 [pid 6798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6799] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] <... mmap resumed>) = 0x7f6d360b6000 [pid 6798] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 157.389743][ T6799] loop0: detected capacity change from 0 to 64 [pid 6798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6800 attached => {parent_tid=[6800]}, 88) = 6800 [pid 6800] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6798] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] <... rseq resumed>) = 0 [pid 6800] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6800] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6800] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6800] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] exit_group(0 [pid 6800] <... futex resumed>) = ? [pid 6799] <... futex resumed>) = ? [pid 6798] <... exit_group resumed>) = ? [pid 6800] +++ exited with 0 +++ [pid 6799] +++ exited with 0 +++ [pid 6798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6798, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./584/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./584/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./584/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./584/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./584/bus") = 0 umount2("./584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./584/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6801 attached [pid 6801] set_robust_list(0x5555564f6760, 24 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6801 [pid 6801] <... set_robust_list resumed>) = 0 [pid 6801] chdir("./585") = 0 [pid 6801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6801] setpgid(0, 0) = 0 [pid 6801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6801] write(3, "1000", 4) = 4 [pid 6801] close(3) = 0 [pid 6801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6801] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6801] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6801] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6802 attached => {parent_tid=[6802]}, 88) = 6802 [pid 6801] rt_sigprocmask(SIG_SETMASK, [], [pid 6802] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... rseq resumed>) = 0 [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6802] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6802] memfd_create("syzkaller", 0) = 3 [pid 6802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6802] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6802] close(3) = 0 [pid 6802] mkdir("./bus", 0777) = 0 [pid 6802] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6802] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6802] chdir("./bus") = 0 [pid 6802] ioctl(4, LOOP_CLR_FD) = 0 [pid 6802] close(4) = 0 [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] memfd_create("syzkaller", 0 [pid 6801] <... futex resumed>) = 0 [pid 6802] <... memfd_create resumed>) = 4 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6802] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6802] munmap(0x7f6d360cf000, 32768) = 0 [pid 6802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6802] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6802] ioctl(5, LOOP_CLR_FD) = 0 [pid 6802] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6802] close(5) = 0 [pid 6802] close(4) = 0 [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = 0 [pid 6801] <... futex resumed>) = 1 [pid 6802] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] <... openat resumed>) = 4 [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6801] <... futex resumed>) = 0 [pid 6802] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] <... write resumed>) = 12288 [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6801] <... futex resumed>) = 0 [pid 6802] <... futex resumed>) = 1 [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6801] <... futex resumed>) = 0 [pid 6802] <... mmap resumed>) = 0x20000000 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6802] <... futex resumed>) = 0 [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6801] <... futex resumed>) = 0 [pid 6802] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6801] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] <... openat resumed>) = 5 [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6802] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6801] <... futex resumed>) = 0 [pid 6802] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6801] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6801] <... futex resumed>) = 0 [pid 6801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6802] <... openat resumed>) = 6 [pid 6801] <... mmap resumed>) = 0x7f6d360b6000 [pid 6802] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6802] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] <... mprotect resumed>) = 0 [pid 6801] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6803 attached [pid 6803] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6803] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6801] <... clone3 resumed> => {parent_tid=[6803]}, 88) = 6803 [pid 6803] rt_sigprocmask(SIG_SETMASK, [], [pid 6801] rt_sigprocmask(SIG_SETMASK, [], [pid 6803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6803] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6801] <... futex resumed>) = 0 [pid 6803] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6801] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... write resumed>) = -1 ENOSPC (No space left on device) [ 157.544484][ T6802] loop0: detected capacity change from 0 to 64 [pid 6803] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6803] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] exit_group(0 [pid 6803] <... futex resumed>) = ? [pid 6802] <... futex resumed>) = ? [pid 6801] <... exit_group resumed>) = ? [pid 6803] +++ exited with 0 +++ [pid 6802] +++ exited with 0 +++ [pid 6801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6801, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./585/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./585/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./585/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./585/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./585/bus") = 0 umount2("./585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./585/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6804 attached [pid 6804] set_robust_list(0x5555564f6760, 24) = 0 [pid 6804] chdir("./586") = 0 [pid 6804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6804] setpgid(0, 0) = 0 [pid 6804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6804 [pid 6804] <... openat resumed>) = 3 [pid 6804] write(3, "1000", 4) = 4 [pid 6804] close(3) = 0 [pid 6804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6804] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6805 attached => {parent_tid=[6805]}, 88) = 6805 [pid 6804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6805] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... rseq resumed>) = 0 [pid 6804] <... futex resumed>) = 0 [pid 6805] set_robust_list(0x7f6d468e79a0, 24 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6805] <... set_robust_list resumed>) = 0 [pid 6805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6805] memfd_create("syzkaller", 0) = 3 [pid 6805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6805] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6805] close(3) = 0 [pid 6805] mkdir("./bus", 0777) = 0 [pid 6805] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6805] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6805] chdir("./bus") = 0 [pid 6805] ioctl(4, LOOP_CLR_FD) = 0 [pid 6805] close(4) = 0 [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] <... futex resumed>) = 0 [pid 6805] memfd_create("syzkaller", 0 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6805] <... memfd_create resumed>) = 4 [pid 6805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6805] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6805] munmap(0x7f6d360cf000, 32768) = 0 [pid 6805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6805] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6805] ioctl(5, LOOP_CLR_FD) = 0 [pid 6805] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6805] close(5) = 0 [pid 6805] close(4) = 0 [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... futex resumed>) = 0 [pid 6804] <... futex resumed>) = 1 [pid 6805] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6804] <... futex resumed>) = 0 [pid 6805] <... write resumed>) = 12288 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] <... futex resumed>) = 1 [pid 6805] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = 0 [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] <... futex resumed>) = 1 [pid 6805] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6805] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] <... futex resumed>) = 0 [pid 6805] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6804] <... futex resumed>) = 0 [pid 6805] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6804] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6804] <... futex resumed>) = 0 [ 157.684005][ T6805] loop0: detected capacity change from 0 to 64 [pid 6805] <... openat resumed>) = 6 [pid 6804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6804] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6805] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6805] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6806 attached => {parent_tid=[6806]}, 88) = 6806 [pid 6806] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6804] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6806] <... rseq resumed>) = 0 [pid 6806] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6806] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6806] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] <... futex resumed>) = 0 [pid 6806] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] exit_group(0 [pid 6806] <... futex resumed>) = ? [pid 6805] <... futex resumed>) = ? [pid 6804] <... exit_group resumed>) = ? [pid 6806] +++ exited with 0 +++ [pid 6805] +++ exited with 0 +++ [pid 6804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6804, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./586/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./586/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./586/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./586/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/bus") = 0 umount2("./586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./586/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6807 attached , child_tidptr=0x5555564f6750) = 6807 [pid 6807] set_robust_list(0x5555564f6760, 24) = 0 [pid 6807] chdir("./587") = 0 [pid 6807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6807] setpgid(0, 0) = 0 [pid 6807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6807] write(3, "1000", 4) = 4 [pid 6807] close(3) = 0 [pid 6807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6807] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6807] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6808]}, 88) = 6808 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6808 attached [pid 6808] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6808] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6808] memfd_create("syzkaller", 0) = 3 [pid 6808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6808] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6808] close(3) = 0 [pid 6808] mkdir("./bus", 0777) = 0 [pid 6808] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6808] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6808] chdir("./bus") = 0 [pid 6808] ioctl(4, LOOP_CLR_FD) = 0 [pid 6808] close(4) = 0 [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6807] <... futex resumed>) = 0 [pid 6808] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6807] <... futex resumed>) = 0 [pid 6808] memfd_create("syzkaller", 0) = 4 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6808] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6808] munmap(0x7f6d360cf000, 32768) = 0 [pid 6808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6808] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6808] ioctl(5, LOOP_CLR_FD) = 0 [pid 6808] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6808] close(5) = 0 [pid 6808] close(4) = 0 [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 0 [pid 6808] <... futex resumed>) = 1 [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6807] <... futex resumed>) = 0 [pid 6808] <... openat resumed>) = 4 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... futex resumed>) = 1 [pid 6808] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... futex resumed>) = 1 [pid 6808] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = 1 [ 157.805089][ T6808] loop0: detected capacity change from 0 to 64 [pid 6808] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 0 [pid 6807] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = 1 [pid 6808] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6807] <... futex resumed>) = 0 [pid 6808] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6808] <... openat resumed>) = 6 [pid 6807] <... mmap resumed>) = 0x7f6d360b6000 [pid 6807] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6808] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] <... mprotect resumed>) = 0 [pid 6807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6809 attached => {parent_tid=[6809]}, 88) = 6809 [pid 6809] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] <... rseq resumed>) = 0 [pid 6807] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6809] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6809] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... futex resumed>) = 0 [pid 6809] <... futex resumed>) = 1 [pid 6809] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] exit_group(0 [pid 6808] <... futex resumed>) = ? [pid 6809] <... futex resumed>) = ? [pid 6807] <... exit_group resumed>) = ? [pid 6809] +++ exited with 0 +++ [pid 6808] +++ exited with 0 +++ [pid 6807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6807, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./587/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./587/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./587/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./587/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/bus") = 0 umount2("./587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./587/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6810 attached , child_tidptr=0x5555564f6750) = 6810 [pid 6810] set_robust_list(0x5555564f6760, 24) = 0 [pid 6810] chdir("./588") = 0 [pid 6810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6810] setpgid(0, 0) = 0 [pid 6810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6810] write(3, "1000", 4) = 4 [pid 6810] close(3) = 0 [pid 6810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6810] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6811 attached [pid 6811] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6810] <... clone3 resumed> => {parent_tid=[6811]}, 88) = 6811 [pid 6811] set_robust_list(0x7f6d468e79a0, 24 [pid 6810] rt_sigprocmask(SIG_SETMASK, [], [pid 6811] <... set_robust_list resumed>) = 0 [pid 6810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6811] rt_sigprocmask(SIG_SETMASK, [], [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6810] <... futex resumed>) = 0 [pid 6811] memfd_create("syzkaller", 0 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6811] <... memfd_create resumed>) = 3 [pid 6811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6811] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6811] close(3) = 0 [pid 6811] mkdir("./bus", 0777) = 0 [pid 6811] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6811] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6811] chdir("./bus") = 0 [pid 6811] ioctl(4, LOOP_CLR_FD) = 0 [pid 6811] close(4) = 0 [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6811] <... futex resumed>) = 1 [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] memfd_create("syzkaller", 0 [pid 6810] <... futex resumed>) = 0 [pid 6811] <... memfd_create resumed>) = 4 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6811] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6811] munmap(0x7f6d360cf000, 32768) = 0 [pid 6811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6811] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6811] ioctl(5, LOOP_CLR_FD) = 0 [pid 6811] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6811] close(5) = 0 [pid 6811] close(4) = 0 [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6811] <... futex resumed>) = 1 [pid 6811] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... openat resumed>) = 4 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 1 [pid 6811] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] <... futex resumed>) = 1 [pid 6811] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... futex resumed>) = 1 [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6811] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6811] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6811] <... futex resumed>) = 1 [pid 6810] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6810] <... futex resumed>) = 0 [pid 6810] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6810] <... futex resumed>) = 0 [pid 6810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6810] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6811] <... openat resumed>) = 6 [pid 6810] <... mprotect resumed>) = 0 [pid 6810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6811] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6811] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6812 attached [pid 6812] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6811] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6810] <... clone3 resumed> => {parent_tid=[6812]}, 88) = 6812 [pid 6812] <... rseq resumed>) = 0 [pid 6810] rt_sigprocmask(SIG_SETMASK, [], [pid 6812] set_robust_list(0x7f6d360d69a0, 24 [pid 6810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6812] <... set_robust_list resumed>) = 0 [pid 6810] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] rt_sigprocmask(SIG_SETMASK, [], [pid 6810] <... futex resumed>) = 0 [pid 6812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6810] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6812] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6812] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6812] <... futex resumed>) = 1 [pid 6812] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6810] exit_group(0 [pid 6812] <... futex resumed>) = ? [pid 6811] <... futex resumed>) = ? [pid 6810] <... exit_group resumed>) = ? [pid 6812] +++ exited with 0 +++ [pid 6811] +++ exited with 0 +++ [pid 6810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6810, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 157.919825][ T6811] loop0: detected capacity change from 0 to 64 umount2("./588", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./588/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./588/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./588/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./588/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./588/bus") = 0 umount2("./588/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./588/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./588") = 0 mkdir("./589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6813 attached , child_tidptr=0x5555564f6750) = 6813 [pid 6813] set_robust_list(0x5555564f6760, 24) = 0 [pid 6813] chdir("./589") = 0 [pid 6813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6813] setpgid(0, 0) = 0 [pid 6813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6813] write(3, "1000", 4) = 4 [pid 6813] close(3) = 0 [pid 6813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6813] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6814 attached [pid 6814] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6813] <... clone3 resumed> => {parent_tid=[6814]}, 88) = 6814 [pid 6813] rt_sigprocmask(SIG_SETMASK, [], [pid 6814] <... rseq resumed>) = 0 [pid 6814] set_robust_list(0x7f6d468e79a0, 24 [pid 6813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6814] <... set_robust_list resumed>) = 0 [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], [pid 6813] <... futex resumed>) = 0 [pid 6814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6814] memfd_create("syzkaller", 0) = 3 [pid 6814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6814] <... write resumed>) = 32768 [pid 6814] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6814] close(3) = 0 [pid 6814] mkdir("./bus", 0777) = 0 [pid 6814] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6814] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6814] chdir("./bus") = 0 [pid 6814] ioctl(4, LOOP_CLR_FD) = 0 [pid 6814] close(4) = 0 [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6814] memfd_create("syzkaller", 0) = 4 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6814] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6814] munmap(0x7f6d360cf000, 32768) = 0 [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6814] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6814] ioctl(5, LOOP_CLR_FD) = 0 [pid 6814] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6814] close(5) = 0 [pid 6814] close(4) = 0 [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6813] <... futex resumed>) = 0 [pid 6814] <... openat resumed>) = 4 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... futex resumed>) = 1 [pid 6814] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... futex resumed>) = 1 [pid 6814] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] <... futex resumed>) = 0 [pid 6813] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6814] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6814] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] <... futex resumed>) = 0 [ 158.048041][ T6814] loop0: detected capacity change from 0 to 64 [pid 6813] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... futex resumed>) = 0 [pid 6813] <... futex resumed>) = 1 [pid 6814] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6814] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6813] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6813] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6814] <... openat resumed>) = 6 [pid 6813] <... mprotect resumed>) = 0 [pid 6813] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6814] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6814] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6815 attached => {parent_tid=[6815]}, 88) = 6815 [pid 6815] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6815] set_robust_list(0x7f6d360d69a0, 24 [pid 6813] rt_sigprocmask(SIG_SETMASK, [], [pid 6815] <... set_robust_list resumed>) = 0 [pid 6813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6813] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6815] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6815] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... futex resumed>) = 0 [pid 6813] exit_group(0 [pid 6814] <... futex resumed>) = ? [pid 6813] <... exit_group resumed>) = ? [pid 6814] +++ exited with 0 +++ [pid 6815] <... futex resumed>) = ? [pid 6815] +++ exited with 0 +++ [pid 6813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6813, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./589", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./589/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./589/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./589/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./589/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./589/bus") = 0 umount2("./589/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./589/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./589") = 0 mkdir("./590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6816 attached , child_tidptr=0x5555564f6750) = 6816 [pid 6816] set_robust_list(0x5555564f6760, 24) = 0 [pid 6816] chdir("./590") = 0 [pid 6816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6816] setpgid(0, 0) = 0 [pid 6816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6816] write(3, "1000", 4) = 4 [pid 6816] close(3) = 0 [pid 6816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6816] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6817 attached [pid 6817] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6816] <... clone3 resumed> => {parent_tid=[6817]}, 88) = 6817 [pid 6817] <... rseq resumed>) = 0 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6817] set_robust_list(0x7f6d468e79a0, 24 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6817] <... set_robust_list resumed>) = 0 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] <... futex resumed>) = 0 [pid 6817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6817] memfd_create("syzkaller", 0) = 3 [pid 6817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6817] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6817] close(3) = 0 [pid 6817] mkdir("./bus", 0777) = 0 [pid 6817] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6817] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6817] chdir("./bus") = 0 [pid 6817] ioctl(4, LOOP_CLR_FD) = 0 [pid 6817] close(4) = 0 [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6817] memfd_create("syzkaller", 0) = 4 [pid 6817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6817] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6817] munmap(0x7f6d360cf000, 32768) = 0 [pid 6817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6817] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6817] ioctl(5, LOOP_CLR_FD) = 0 [pid 6817] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6817] close(5) = 0 [pid 6817] close(4) = 0 [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6817] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] <... openat resumed>) = 4 [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 158.199623][ T6817] loop0: detected capacity change from 0 to 64 [pid 6817] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6816] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6817] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6817] <... futex resumed>) = 0 [pid 6816] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6816] <... futex resumed>) = 0 [pid 6817] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6817] <... openat resumed>) = 6 [pid 6816] <... mmap resumed>) = 0x7f6d360b6000 [pid 6817] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6817] <... futex resumed>) = 0 [pid 6816] <... mprotect resumed>) = 0 [pid 6817] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6818 attached [pid 6818] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6816] <... clone3 resumed> => {parent_tid=[6818]}, 88) = 6818 [pid 6818] <... rseq resumed>) = 0 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6818] set_robust_list(0x7f6d360d69a0, 24 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6818] <... set_robust_list resumed>) = 0 [pid 6816] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] <... futex resumed>) = 0 [pid 6818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6818] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6818] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6818] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] exit_group(0 [pid 6818] <... futex resumed>) = ? [pid 6817] <... futex resumed>) = ? [pid 6816] <... exit_group resumed>) = ? [pid 6818] +++ exited with 0 +++ [pid 6817] +++ exited with 0 +++ [pid 6816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6816, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./590", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./590/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./590/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./590/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./590/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./590/bus") = 0 umount2("./590/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./590/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./590") = 0 mkdir("./591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6819 ./strace-static-x86_64: Process 6819 attached [pid 6819] set_robust_list(0x5555564f6760, 24) = 0 [pid 6819] chdir("./591") = 0 [pid 6819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6819] setpgid(0, 0) = 0 [pid 6819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6819] write(3, "1000", 4) = 4 [pid 6819] close(3) = 0 [pid 6819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6819] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6819] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6820 attached [pid 6820] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6819] <... clone3 resumed> => {parent_tid=[6820]}, 88) = 6820 [pid 6820] <... rseq resumed>) = 0 [pid 6820] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6819] rt_sigprocmask(SIG_SETMASK, [], [pid 6820] rt_sigprocmask(SIG_SETMASK, [], [pid 6819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] memfd_create("syzkaller", 0 [pid 6819] <... futex resumed>) = 0 [pid 6820] <... memfd_create resumed>) = 3 [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6820] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6820] close(3) = 0 [pid 6820] mkdir("./bus", 0777) = 0 [pid 6820] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6820] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6820] chdir("./bus") = 0 [pid 6820] ioctl(4, LOOP_CLR_FD) = 0 [pid 6820] close(4) = 0 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6820] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] <... futex resumed>) = 0 [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6820] <... futex resumed>) = 0 [pid 6820] memfd_create("syzkaller", 0) = 4 [pid 6820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6820] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6820] munmap(0x7f6d360cf000, 32768) = 0 [pid 6820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6820] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6820] ioctl(5, LOOP_CLR_FD) = 0 [pid 6820] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6820] close(5) = 0 [pid 6820] close(4) = 0 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6820] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] <... futex resumed>) = 0 [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] <... futex resumed>) = 0 [pid 6819] <... futex resumed>) = 1 [pid 6820] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] <... openat resumed>) = 4 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] <... futex resumed>) = 0 [pid 6820] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] <... write resumed>) = 12288 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6820] <... futex resumed>) = 0 [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6819] <... futex resumed>) = 0 [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] <... mmap resumed>) = 0x20000000 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] <... futex resumed>) = 0 [pid 6820] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6819] <... futex resumed>) = 0 [pid 6820] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6819] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] <... futex resumed>) = 0 [pid 6820] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6819] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6819] <... futex resumed>) = 0 [pid 6820] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6819] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] <... openat resumed>) = 6 [pid 6819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6820] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6820] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] <... mprotect resumed>) = 0 [ 158.350909][ T6820] loop0: detected capacity change from 0 to 64 [pid 6819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6821 attached [pid 6821] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6821] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6821] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] <... clone3 resumed> => {parent_tid=[6821]}, 88) = 6821 [pid 6819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6819] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = 0 [pid 6819] <... futex resumed>) = 1 [pid 6821] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6819] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6821] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6821] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... futex resumed>) = 0 [pid 6819] exit_group(0 [pid 6821] <... futex resumed>) = 1 [pid 6821] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6819] <... exit_group resumed>) = ? [pid 6821] <... futex resumed>) = ? [pid 6821] +++ exited with 0 +++ [pid 6820] <... futex resumed>) = ? [pid 6820] +++ exited with 0 +++ [pid 6819] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6819, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./591", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./591/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./591/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./591/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./591/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./591/bus") = 0 umount2("./591/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./591/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./591") = 0 mkdir("./592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6822 ./strace-static-x86_64: Process 6822 attached [pid 6822] set_robust_list(0x5555564f6760, 24) = 0 [pid 6822] chdir("./592") = 0 [pid 6822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6822] setpgid(0, 0) = 0 [pid 6822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6822] write(3, "1000", 4) = 4 [pid 6822] close(3) = 0 [pid 6822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6822] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6823]}, 88) = 6823 [pid 6822] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6823 attached NULL, 8) = 0 [pid 6823] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] <... rseq resumed>) = 0 [pid 6822] <... futex resumed>) = 0 [pid 6823] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6823] memfd_create("syzkaller", 0) = 3 [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6823] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6823] close(3) = 0 [pid 6823] mkdir("./bus", 0777) = 0 [pid 6823] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6823] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6823] chdir("./bus") = 0 [pid 6823] ioctl(4, LOOP_CLR_FD) = 0 [pid 6823] close(4) = 0 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] <... futex resumed>) = 1 [pid 6823] memfd_create("syzkaller", 0) = 4 [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6823] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6823] munmap(0x7f6d360cf000, 32768) = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6823] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6823] ioctl(5, LOOP_CLR_FD) = 0 [pid 6823] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6823] close(5) = 0 [pid 6823] close(4) = 0 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] <... futex resumed>) = 1 [pid 6823] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] <... futex resumed>) = 1 [pid 6823] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6823] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6823] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6822] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6823] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6822] <... mprotect resumed>) = 0 [pid 6822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6823] <... openat resumed>) = 6 [pid 6823] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6824 attached [pid 6823] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] <... clone3 resumed> => {parent_tid=[6824]}, 88) = 6824 [ 158.485506][ T6823] loop0: detected capacity change from 0 to 64 [pid 6824] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6822] rt_sigprocmask(SIG_SETMASK, [], [pid 6824] <... rseq resumed>) = 0 [pid 6822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6824] set_robust_list(0x7f6d360d69a0, 24 [pid 6822] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... set_robust_list resumed>) = 0 [pid 6822] <... futex resumed>) = 0 [pid 6824] rt_sigprocmask(SIG_SETMASK, [], [pid 6822] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6824] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6824] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6824] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] exit_group(0) = ? [pid 6824] <... futex resumed>) = ? [pid 6824] +++ exited with 0 +++ [pid 6823] <... futex resumed>) = ? [pid 6823] +++ exited with 0 +++ [pid 6822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6822, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./592", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./592/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./592/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./592/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./592/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./592/bus") = 0 umount2("./592/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./592/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./592") = 0 mkdir("./593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6825 attached , child_tidptr=0x5555564f6750) = 6825 [pid 6825] set_robust_list(0x5555564f6760, 24) = 0 [pid 6825] chdir("./593") = 0 [pid 6825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6825] setpgid(0, 0) = 0 [pid 6825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6825] write(3, "1000", 4) = 4 [pid 6825] close(3) = 0 [pid 6825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6825] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6826 attached => {parent_tid=[6826]}, 88) = 6826 [pid 6825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6826] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6826] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6826] memfd_create("syzkaller", 0) = 3 [pid 6826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6826] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6826] close(3) = 0 [pid 6826] mkdir("./bus", 0777) = 0 [pid 6826] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6826] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6826] chdir("./bus") = 0 [pid 6826] ioctl(4, LOOP_CLR_FD) = 0 [pid 6826] close(4) = 0 [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6826] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6826] memfd_create("syzkaller", 0 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6826] <... memfd_create resumed>) = 4 [pid 6826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6826] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6826] munmap(0x7f6d360cf000, 32768) = 0 [pid 6826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6826] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6826] ioctl(5, LOOP_CLR_FD) = 0 [pid 6826] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6826] close(5) = 0 [pid 6826] close(4) = 0 [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = 1 [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6825] <... futex resumed>) = 0 [pid 6826] <... openat resumed>) = 4 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... futex resumed>) = 1 [pid 6826] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... futex resumed>) = 1 [pid 6826] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... futex resumed>) = 1 [pid 6826] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 158.631468][ T6826] loop0: detected capacity change from 0 to 64 [pid 6825] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... futex resumed>) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6826] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6826] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6825] <... mmap resumed>) = 0x7f6d360b6000 [pid 6826] <... openat resumed>) = 6 [pid 6825] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6825] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6826] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6826] <... futex resumed>) = 0 [pid 6825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6826] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6827 attached [pid 6827] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6827] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6825] <... clone3 resumed> => {parent_tid=[6827]}, 88) = 6827 [pid 6827] rt_sigprocmask(SIG_SETMASK, [], [pid 6825] rt_sigprocmask(SIG_SETMASK, [], [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6825] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6827] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6825] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6827] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6827] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] exit_group(0 [pid 6827] <... futex resumed>) = ? [pid 6825] <... exit_group resumed>) = ? [pid 6827] +++ exited with 0 +++ [pid 6826] <... futex resumed>) = ? [pid 6826] +++ exited with 0 +++ [pid 6825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6825, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./593", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./593/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./593/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./593/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./593/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./593/bus") = 0 umount2("./593/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./593/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./593") = 0 mkdir("./594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6828 attached , child_tidptr=0x5555564f6750) = 6828 [pid 6828] set_robust_list(0x5555564f6760, 24) = 0 [pid 6828] chdir("./594") = 0 [pid 6828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6828] setpgid(0, 0) = 0 [pid 6828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6828] write(3, "1000", 4) = 4 [pid 6828] close(3) = 0 [pid 6828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6828] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6829 attached [pid 6829] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6828] <... clone3 resumed> => {parent_tid=[6829]}, 88) = 6829 [pid 6829] set_robust_list(0x7f6d468e79a0, 24 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], [pid 6829] <... set_robust_list resumed>) = 0 [pid 6828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6829] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6829] memfd_create("syzkaller", 0) = 3 [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6829] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6829] close(3) = 0 [pid 6829] mkdir("./bus", 0777) = 0 [pid 6829] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6829] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6829] chdir("./bus") = 0 [pid 6829] ioctl(4, LOOP_CLR_FD) = 0 [pid 6829] close(4) = 0 [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] memfd_create("syzkaller", 0) = 4 [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6829] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6829] munmap(0x7f6d360cf000, 32768) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6829] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6829] ioctl(5, LOOP_CLR_FD) = 0 [pid 6829] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6829] close(5) = 0 [pid 6829] close(4) = 0 [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... openat resumed>) = 4 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] <... futex resumed>) = 1 [pid 6829] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] <... futex resumed>) = 1 [pid 6829] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] <... futex resumed>) = 0 [pid 6829] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6829] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] <... openat resumed>) = 5 [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] <... futex resumed>) = 0 [pid 6829] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6828] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6828] <... futex resumed>) = 0 [pid 6829] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6828] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6829] <... openat resumed>) = 6 [pid 6829] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... mmap resumed>) = 0x7f6d360b6000 [pid 6829] <... futex resumed>) = 0 [pid 6829] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6830 attached [pid 6830] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6830] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6830] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] <... clone3 resumed> => {parent_tid=[6830]}, 88) = 6830 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6828] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6828] <... futex resumed>) = 1 [pid 6830] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6828] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6830] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6830] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] exit_group(0) = ? [pid 6829] <... futex resumed>) = ? [pid 6830] <... futex resumed>) = ? [ 158.778715][ T6829] loop0: detected capacity change from 0 to 64 [pid 6830] +++ exited with 0 +++ [pid 6829] +++ exited with 0 +++ [pid 6828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6828, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./594", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./594/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./594/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./594/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./594/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./594/bus") = 0 umount2("./594/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./594/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./594") = 0 mkdir("./595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6831 ./strace-static-x86_64: Process 6831 attached [pid 6831] set_robust_list(0x5555564f6760, 24) = 0 [pid 6831] chdir("./595") = 0 [pid 6831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6831] setpgid(0, 0) = 0 [pid 6831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6831] write(3, "1000", 4) = 4 [pid 6831] close(3) = 0 [pid 6831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6831] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6832 attached => {parent_tid=[6832]}, 88) = 6832 [pid 6832] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6831] rt_sigprocmask(SIG_SETMASK, [], [pid 6832] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6832] rt_sigprocmask(SIG_SETMASK, [], [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6832] memfd_create("syzkaller", 0 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6832] <... memfd_create resumed>) = 3 [pid 6832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6832] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6832] close(3) = 0 [pid 6832] mkdir("./bus", 0777) = 0 [pid 6832] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6832] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6832] chdir("./bus") = 0 [pid 6832] ioctl(4, LOOP_CLR_FD) = 0 [pid 6832] close(4) = 0 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] memfd_create("syzkaller", 0) = 4 [pid 6832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6832] <... mmap resumed>) = 0x7f6d360cf000 [pid 6832] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6832] munmap(0x7f6d360cf000, 32768) = 0 [pid 6832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6832] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6832] ioctl(5, LOOP_CLR_FD) = 0 [pid 6832] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6832] close(5) = 0 [pid 6832] close(4) = 0 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... futex resumed>) = 1 [pid 6832] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] <... futex resumed>) = 1 [pid 6832] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] <... futex resumed>) = 1 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6832] <... futex resumed>) = 1 [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6831] <... futex resumed>) = 0 [ 158.901845][ T6832] loop0: detected capacity change from 0 to 64 [pid 6831] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6832] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6832] <... futex resumed>) = 1 [pid 6831] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6832] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6831] <... futex resumed>) = 0 [pid 6832] <... openat resumed>) = 6 [pid 6831] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6832] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6831] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6833 attached => {parent_tid=[6833]}, 88) = 6833 [pid 6833] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6831] rt_sigprocmask(SIG_SETMASK, [], [pid 6833] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6833] rt_sigprocmask(SIG_SETMASK, [], [pid 6831] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6833] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6831] <... futex resumed>) = 0 [pid 6833] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6831] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6833] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6831] exit_group(0 [pid 6833] <... futex resumed>) = ? [pid 6832] <... futex resumed>) = ? [pid 6831] <... exit_group resumed>) = ? [pid 6833] +++ exited with 0 +++ [pid 6832] +++ exited with 0 +++ [pid 6831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6831, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./595", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./595/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./595/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./595/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./595/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./595/bus") = 0 umount2("./595/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./595/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./595") = 0 mkdir("./596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6834 attached , child_tidptr=0x5555564f6750) = 6834 [pid 6834] set_robust_list(0x5555564f6760, 24) = 0 [pid 6834] chdir("./596") = 0 [pid 6834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6834] setpgid(0, 0) = 0 [pid 6834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6834] write(3, "1000", 4) = 4 [pid 6834] close(3) = 0 [pid 6834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6834] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6835 attached [pid 6835] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6834] <... clone3 resumed> => {parent_tid=[6835]}, 88) = 6835 [pid 6835] <... rseq resumed>) = 0 [pid 6835] set_robust_list(0x7f6d468e79a0, 24 [pid 6834] rt_sigprocmask(SIG_SETMASK, [], [pid 6835] <... set_robust_list resumed>) = 0 [pid 6835] rt_sigprocmask(SIG_SETMASK, [], [pid 6834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] memfd_create("syzkaller", 0 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6835] <... memfd_create resumed>) = 3 [pid 6835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6835] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6835] close(3) = 0 [pid 6835] mkdir("./bus", 0777) = 0 [pid 6835] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6835] chdir("./bus") = 0 [pid 6835] ioctl(4, LOOP_CLR_FD) = 0 [pid 6835] close(4) = 0 [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6835] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6834] <... futex resumed>) = 1 [pid 6835] memfd_create("syzkaller", 0) = 4 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6835] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6835] munmap(0x7f6d360cf000, 32768) = 0 [pid 6835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6835] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6835] ioctl(5, LOOP_CLR_FD) = 0 [pid 6835] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6835] close(5) = 0 [pid 6835] close(4) = 0 [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... openat resumed>) = 4 [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6835] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6835] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6834] <... futex resumed>) = 0 [pid 6835] <... write resumed>) = 12288 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... futex resumed>) = 1 [pid 6835] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 0 [pid 6834] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6835] <... futex resumed>) = 1 [pid 6835] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6834] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6835] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6834] <... mprotect resumed>) = 0 [pid 6835] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6835] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6836]}, 88) = 6836 [pid 6834] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6836 attached NULL, 8) = 0 [pid 6834] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6834] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6836] <... rseq resumed>) = 0 [pid 6836] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6836] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [ 159.017907][ T6835] loop0: detected capacity change from 0 to 64 [pid 6836] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6836] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] <... futex resumed>) = 0 [pid 6834] exit_group(0 [pid 6836] <... futex resumed>) = ? [pid 6834] <... exit_group resumed>) = ? [pid 6836] +++ exited with 0 +++ [pid 6835] <... futex resumed>) = ? [pid 6835] +++ exited with 0 +++ [pid 6834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6834, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./596", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./596/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./596/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./596/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./596/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./596/bus") = 0 umount2("./596/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./596/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./596") = 0 mkdir("./597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6837 attached , child_tidptr=0x5555564f6750) = 6837 [pid 6837] set_robust_list(0x5555564f6760, 24) = 0 [pid 6837] chdir("./597") = 0 [pid 6837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6837] setpgid(0, 0) = 0 [pid 6837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6837] write(3, "1000", 4) = 4 [pid 6837] close(3) = 0 [pid 6837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6837] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6838 attached => {parent_tid=[6838]}, 88) = 6838 [pid 6838] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6837] rt_sigprocmask(SIG_SETMASK, [], [pid 6838] <... rseq resumed>) = 0 [pid 6837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6838] set_robust_list(0x7f6d468e79a0, 24 [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... set_robust_list resumed>) = 0 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], [pid 6837] <... futex resumed>) = 0 [pid 6838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6838] memfd_create("syzkaller", 0) = 3 [pid 6838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6838] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6838] close(3) = 0 [pid 6838] mkdir("./bus", 0777) = 0 [pid 6838] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6838] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6838] chdir("./bus") = 0 [pid 6838] ioctl(4, LOOP_CLR_FD) = 0 [pid 6838] close(4) = 0 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] memfd_create("syzkaller", 0 [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6838] <... memfd_create resumed>) = 4 [pid 6838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6838] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6838] munmap(0x7f6d360cf000, 32768) = 0 [pid 6838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6838] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6838] ioctl(5, LOOP_CLR_FD) = 0 [pid 6838] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6838] close(5) = 0 [pid 6838] close(4) = 0 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... openat resumed>) = 4 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = 0 [pid 6838] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6837] <... futex resumed>) = 1 [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... write resumed>) = 12288 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6838] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... mmap resumed>) = 0x20000000 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6838] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6837] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6837] <... futex resumed>) = 0 [pid 6838] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6837] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6837] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6838] <... openat resumed>) = 6 [pid 6837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6838] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6839 attached [pid 6838] <... futex resumed>) = 0 [pid 6838] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6839] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6839] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6839] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] <... clone3 resumed> => {parent_tid=[6839]}, 88) = 6839 [pid 6837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6837] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] <... futex resumed>) = 0 [pid 6837] <... futex resumed>) = 1 [pid 6839] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6837] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6839] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 159.127756][ T6838] loop0: detected capacity change from 0 to 64 [pid 6837] exit_group(0 [pid 6838] <... futex resumed>) = ? [pid 6837] <... exit_group resumed>) = ? [pid 6839] <... futex resumed>) = ? [pid 6839] +++ exited with 0 +++ [pid 6838] +++ exited with 0 +++ [pid 6837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6837, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./597", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./597/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./597/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./597/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./597/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./597/bus") = 0 umount2("./597/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./597/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./597") = 0 mkdir("./598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6840 attached , child_tidptr=0x5555564f6750) = 6840 [pid 6840] set_robust_list(0x5555564f6760, 24) = 0 [pid 6840] chdir("./598") = 0 [pid 6840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6840] setpgid(0, 0) = 0 [pid 6840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6840] write(3, "1000", 4) = 4 [pid 6840] close(3) = 0 [pid 6840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6840] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6841 attached [pid 6841] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6840] <... clone3 resumed> => {parent_tid=[6841]}, 88) = 6841 [pid 6841] <... rseq resumed>) = 0 [pid 6841] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6841] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6841] <... futex resumed>) = 0 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6841] memfd_create("syzkaller", 0) = 3 [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6841] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6841] close(3) = 0 [pid 6841] mkdir("./bus", 0777) = 0 [pid 6841] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6841] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6841] chdir("./bus") = 0 [pid 6841] ioctl(4, LOOP_CLR_FD) = 0 [pid 6841] close(4) = 0 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6841] <... futex resumed>) = 1 [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] memfd_create("syzkaller", 0 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6841] <... memfd_create resumed>) = 4 [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6841] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6841] munmap(0x7f6d360cf000, 32768) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6841] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6841] ioctl(5, LOOP_CLR_FD) = 0 [pid 6841] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6841] close(5) = 0 [pid 6841] close(4) = 0 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... openat resumed>) = 4 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = 1 [ 159.263092][ T6841] loop0: detected capacity change from 0 to 64 [pid 6841] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... mmap resumed>) = 0x20000000 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6841] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... futex resumed>) = 0 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6840] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6840] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... openat resumed>) = 5 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6840] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6840] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... openat resumed>) = 6 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6841] <... futex resumed>) = 0 [pid 6841] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... mmap resumed>) = 0x7f6d360b6000 [pid 6840] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6842 attached [pid 6842] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6842] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6840] <... clone3 resumed> => {parent_tid=[6842]}, 88) = 6842 [pid 6842] rt_sigprocmask(SIG_SETMASK, [], [pid 6840] rt_sigprocmask(SIG_SETMASK, [], [pid 6842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6842] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6842] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6840] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6842] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... futex resumed>) = 0 [pid 6840] exit_group(0) = ? [pid 6842] <... futex resumed>) = ? [pid 6841] <... futex resumed>) = ? [pid 6842] +++ exited with 0 +++ [pid 6841] +++ exited with 0 +++ [pid 6840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6840, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./598", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./598/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./598/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./598/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./598/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./598/bus") = 0 umount2("./598/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./598/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./598") = 0 mkdir("./599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6843 attached , child_tidptr=0x5555564f6750) = 6843 [pid 6843] set_robust_list(0x5555564f6760, 24) = 0 [pid 6843] chdir("./599") = 0 [pid 6843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6843] setpgid(0, 0) = 0 [pid 6843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6843] write(3, "1000", 4) = 4 [pid 6843] close(3) = 0 [pid 6843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6843] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6843] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6844 attached [pid 6844] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6843] <... clone3 resumed> => {parent_tid=[6844]}, 88) = 6844 [pid 6844] <... rseq resumed>) = 0 [pid 6843] rt_sigprocmask(SIG_SETMASK, [], [pid 6844] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6844] rt_sigprocmask(SIG_SETMASK, [], [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6843] <... futex resumed>) = 0 [pid 6844] memfd_create("syzkaller", 0 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6844] <... memfd_create resumed>) = 3 [pid 6844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6844] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6844] close(3) = 0 [pid 6844] mkdir("./bus", 0777) = 0 [pid 6844] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6844] chdir("./bus") = 0 [pid 6844] ioctl(4, LOOP_CLR_FD) = 0 [pid 6844] close(4) = 0 [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6844] memfd_create("syzkaller", 0) = 4 [pid 6844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6844] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6844] munmap(0x7f6d360cf000, 32768) = 0 [pid 6844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6844] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6844] ioctl(5, LOOP_CLR_FD) = 0 [pid 6844] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6844] close(5) = 0 [pid 6844] close(4) = 0 [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... openat resumed>) = 4 [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] <... futex resumed>) = 0 [pid 6844] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 6844] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... write resumed>) = 12288 [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 6844] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... mmap resumed>) = 0x20000000 [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6843] <... futex resumed>) = 0 [pid 6844] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6843] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... openat resumed>) = 5 [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... futex resumed>) = 1 [pid 6844] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6843] <... futex resumed>) = 0 [pid 6843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6843] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6844] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] <... mprotect resumed>) = 0 [pid 6844] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6845 attached => {parent_tid=[6845]}, 88) = 6845 [pid 6845] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6843] rt_sigprocmask(SIG_SETMASK, [], [pid 6845] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6845] rt_sigprocmask(SIG_SETMASK, [], [pid 6843] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6845] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6845] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6845] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] exit_group(0 [pid 6845] <... futex resumed>) = ? [pid 6844] <... futex resumed>) = ? [pid 6843] <... exit_group resumed>) = ? [pid 6845] +++ exited with 0 +++ [pid 6844] +++ exited with 0 +++ [pid 6843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6843, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./599", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.394036][ T6844] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./599/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./599/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./599/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./599/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./599/bus") = 0 umount2("./599/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./599/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./599") = 0 mkdir("./600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6846 attached , child_tidptr=0x5555564f6750) = 6846 [pid 6846] set_robust_list(0x5555564f6760, 24) = 0 [pid 6846] chdir("./600") = 0 [pid 6846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6846] setpgid(0, 0) = 0 [pid 6846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6846] write(3, "1000", 4) = 4 [pid 6846] close(3) = 0 [pid 6846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6846] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6847]}, 88) = 6847 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6847 attached [pid 6847] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6847] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6847] memfd_create("syzkaller", 0) = 3 [pid 6847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6847] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6847] close(3) = 0 [pid 6847] mkdir("./bus", 0777) = 0 [pid 6847] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6847] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6847] chdir("./bus") = 0 [pid 6847] ioctl(4, LOOP_CLR_FD) = 0 [pid 6847] close(4) = 0 [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = 0 [pid 6847] <... futex resumed>) = 1 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] memfd_create("syzkaller", 0 [pid 6846] <... futex resumed>) = 0 [pid 6847] <... memfd_create resumed>) = 4 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6847] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6847] munmap(0x7f6d360cf000, 32768) = 0 [pid 6847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6847] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6847] ioctl(5, LOOP_CLR_FD) = 0 [pid 6847] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6847] close(5) = 0 [pid 6847] close(4) = 0 [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6847] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... futex resumed>) = 0 [pid 6846] <... futex resumed>) = 1 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6847] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... futex resumed>) = 0 [pid 6846] <... futex resumed>) = 1 [pid 6847] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] <... write resumed>) = 12288 [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] <... futex resumed>) = 1 [pid 6847] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6847] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6847] <... futex resumed>) = 1 [pid 6846] <... mmap resumed>) = 0x7f6d360b6000 [pid 6847] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6847] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6846] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6847] <... openat resumed>) = 6 [pid 6846] <... mprotect resumed>) = 0 [pid 6846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 159.499306][ T6847] loop0: detected capacity change from 0 to 64 [pid 6846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6848 attached => {parent_tid=[6848]}, 88) = 6848 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], [pid 6847] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6847] <... futex resumed>) = 0 [pid 6846] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] <... futex resumed>) = 0 [pid 6848] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6848] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6846] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6848] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6848] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6848] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] exit_group(0 [pid 6847] <... futex resumed>) = ? [pid 6846] <... exit_group resumed>) = ? [pid 6848] <... futex resumed>) = ? [pid 6847] +++ exited with 0 +++ [pid 6848] +++ exited with 0 +++ [pid 6846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6846, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./600", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./600/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./600/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./600/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./600/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./600/bus") = 0 umount2("./600/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./600/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./600") = 0 mkdir("./601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6849 attached , child_tidptr=0x5555564f6750) = 6849 [pid 6849] set_robust_list(0x5555564f6760, 24) = 0 [pid 6849] chdir("./601") = 0 [pid 6849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6849] setpgid(0, 0) = 0 [pid 6849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6849] write(3, "1000", 4) = 4 [pid 6849] close(3) = 0 [pid 6849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6849] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6850 attached => {parent_tid=[6850]}, 88) = 6850 [pid 6850] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6849] rt_sigprocmask(SIG_SETMASK, [], [pid 6850] <... rseq resumed>) = 0 [pid 6849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6850] set_robust_list(0x7f6d468e79a0, 24 [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... set_robust_list resumed>) = 0 [pid 6849] <... futex resumed>) = 0 [pid 6850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6850] memfd_create("syzkaller", 0) = 3 [pid 6850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6850] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6850] close(3) = 0 [pid 6850] mkdir("./bus", 0777) = 0 [pid 6850] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6850] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6850] chdir("./bus") = 0 [pid 6850] ioctl(4, LOOP_CLR_FD) = 0 [pid 6850] close(4) = 0 [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6850] memfd_create("syzkaller", 0) = 4 [pid 6850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6850] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6850] munmap(0x7f6d360cf000, 32768) = 0 [pid 6850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6850] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6850] ioctl(5, LOOP_CLR_FD) = 0 [pid 6850] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6850] close(5) = 0 [pid 6850] close(4) = 0 [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6850] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6850] <... futex resumed>) = 0 [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6850] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6850] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6849] <... futex resumed>) = 0 [pid 6850] <... mmap resumed>) = 0x20000000 [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... futex resumed>) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6850] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6849] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6850] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6849] <... futex resumed>) = 0 [pid 6850] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6849] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6849] <... futex resumed>) = 0 [pid 6849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6850] <... openat resumed>) = 6 [pid 6849] <... mmap resumed>) = 0x7f6d360b6000 [pid 6849] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6850] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6851 attached => {parent_tid=[6851]}, 88) = 6851 [pid 6849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6849] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 159.633051][ T6850] loop0: detected capacity change from 0 to 64 [pid 6849] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6851] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6851] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6851] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6851] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] <... futex resumed>) = 0 [pid 6849] exit_group(0 [pid 6851] <... futex resumed>) = ? [pid 6850] <... futex resumed>) = ? [pid 6849] <... exit_group resumed>) = ? [pid 6851] +++ exited with 0 +++ [pid 6850] +++ exited with 0 +++ [pid 6849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6849, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./601", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./601/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./601/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./601/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./601/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./601/bus") = 0 umount2("./601/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./601/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./601") = 0 mkdir("./602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6852 attached , child_tidptr=0x5555564f6750) = 6852 [pid 6852] set_robust_list(0x5555564f6760, 24) = 0 [pid 6852] chdir("./602") = 0 [pid 6852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6852] setpgid(0, 0) = 0 [pid 6852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6852] write(3, "1000", 4) = 4 [pid 6852] close(3) = 0 [pid 6852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6852] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6853]}, 88) = 6853 [pid 6852] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6853 attached [pid 6853] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6853] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6853] memfd_create("syzkaller", 0) = 3 [pid 6853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6853] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6853] close(3) = 0 [pid 6853] mkdir("./bus", 0777) = 0 [pid 6853] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6853] chdir("./bus") = 0 [pid 6853] ioctl(4, LOOP_CLR_FD) = 0 [pid 6853] close(4) = 0 [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6852] <... futex resumed>) = 0 [pid 6853] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6852] <... futex resumed>) = 0 [pid 6853] memfd_create("syzkaller", 0 [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6853] <... memfd_create resumed>) = 4 [pid 6853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6853] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6853] munmap(0x7f6d360cf000, 32768) = 0 [pid 6853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6853] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6853] ioctl(5, LOOP_CLR_FD) = 0 [pid 6853] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6853] close(5) = 0 [pid 6853] close(4) = 0 [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6853] <... futex resumed>) = 1 [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6852] <... futex resumed>) = 0 [pid 6853] <... openat resumed>) = 4 [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] <... futex resumed>) = 1 [pid 6853] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] <... futex resumed>) = 1 [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6853] <... futex resumed>) = 1 [pid 6853] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6852] <... futex resumed>) = 0 [pid 6853] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6852] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6853] <... futex resumed>) = 1 [pid 6853] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6852] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6852] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6852] <... futex resumed>) = 0 [pid 6853] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6853] <... openat resumed>) = 6 [pid 6852] <... mmap resumed>) = 0x7f6d360b6000 [pid 6853] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6853] <... futex resumed>) = 0 [pid 6852] <... mprotect resumed>) = 0 [pid 6853] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 159.764234][ T6853] loop0: detected capacity change from 0 to 64 [pid 6852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6854 attached => {parent_tid=[6854]}, 88) = 6854 [pid 6854] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6852] rt_sigprocmask(SIG_SETMASK, [], [pid 6854] set_robust_list(0x7f6d360d69a0, 24 [pid 6852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6854] <... set_robust_list resumed>) = 0 [pid 6854] rt_sigprocmask(SIG_SETMASK, [], [pid 6852] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6852] <... futex resumed>) = 0 [pid 6854] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6852] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6854] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6854] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6854] <... futex resumed>) = 1 [pid 6852] exit_group(0 [pid 6854] +++ exited with 0 +++ [pid 6853] <... futex resumed>) = ? [pid 6852] <... exit_group resumed>) = ? [pid 6853] +++ exited with 0 +++ [pid 6852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6852, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./602", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./602/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./602/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./602/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./602/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./602/bus") = 0 umount2("./602/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./602/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./602") = 0 mkdir("./603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6855 attached , child_tidptr=0x5555564f6750) = 6855 [pid 6855] set_robust_list(0x5555564f6760, 24) = 0 [pid 6855] chdir("./603") = 0 [pid 6855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6855] setpgid(0, 0) = 0 [pid 6855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6855] write(3, "1000", 4) = 4 [pid 6855] close(3) = 0 [pid 6855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6855] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6855] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6856]}, 88) = 6856 [pid 6855] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6856 attached NULL, 8) = 0 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6856] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6856] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6856] memfd_create("syzkaller", 0) = 3 [pid 6856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6856] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6856] close(3) = 0 [pid 6856] mkdir("./bus", 0777) = 0 [pid 6856] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6856] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6856] chdir("./bus") = 0 [pid 6856] ioctl(4, LOOP_CLR_FD) = 0 [pid 6856] close(4) = 0 [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6856] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... futex resumed>) = 0 [pid 6855] <... futex resumed>) = 1 [pid 6856] memfd_create("syzkaller", 0 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6856] <... memfd_create resumed>) = 4 [pid 6856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6856] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6856] munmap(0x7f6d360cf000, 32768) = 0 [pid 6856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6856] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6856] ioctl(5, LOOP_CLR_FD) = 0 [pid 6856] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6856] close(5) = 0 [pid 6856] close(4) = 0 [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... openat resumed>) = 4 [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... futex resumed>) = 1 [pid 6856] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6855] <... futex resumed>) = 0 [ 159.891432][ T6856] loop0: detected capacity change from 0 to 64 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6855] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6855] <... futex resumed>) = 0 [pid 6855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6856] <... openat resumed>) = 6 [pid 6856] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6855] <... mmap resumed>) = 0x7f6d360b6000 [pid 6855] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6857 attached [pid 6857] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6857] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6857] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6855] <... clone3 resumed> => {parent_tid=[6857]}, 88) = 6857 [pid 6855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6855] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] <... futex resumed>) = 0 [pid 6855] <... futex resumed>) = 1 [pid 6857] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6855] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6857] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6855] <... futex resumed>) = 0 [pid 6855] exit_group(0 [pid 6857] <... futex resumed>) = ? [pid 6855] <... exit_group resumed>) = ? [pid 6857] +++ exited with 0 +++ [pid 6856] <... futex resumed>) = ? [pid 6856] +++ exited with 0 +++ [pid 6855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6855, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./603", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./603/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./603/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./603/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./603/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./603/bus") = 0 umount2("./603/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./603/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./603") = 0 mkdir("./604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6858 attached , child_tidptr=0x5555564f6750) = 6858 [pid 6858] set_robust_list(0x5555564f6760, 24) = 0 [pid 6858] chdir("./604") = 0 [pid 6858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6858] setpgid(0, 0) = 0 [pid 6858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6858] write(3, "1000", 4) = 4 [pid 6858] close(3) = 0 [pid 6858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6858] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6859]}, 88) = 6859 [pid 6858] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6859 attached NULL, 8) = 0 [pid 6859] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... rseq resumed>) = 0 [pid 6858] <... futex resumed>) = 0 [pid 6859] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6859] memfd_create("syzkaller", 0) = 3 [pid 6859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6859] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6859] close(3) = 0 [pid 6859] mkdir("./bus", 0777) = 0 [pid 6859] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6859] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6859] chdir("./bus") = 0 [pid 6859] ioctl(4, LOOP_CLR_FD) = 0 [pid 6859] close(4) = 0 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6859] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6858] <... futex resumed>) = 1 [pid 6859] memfd_create("syzkaller", 0 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6859] <... memfd_create resumed>) = 4 [pid 6859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6859] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6859] munmap(0x7f6d360cf000, 32768) = 0 [pid 6859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6859] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6859] ioctl(5, LOOP_CLR_FD) = 0 [pid 6859] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6859] close(5) = 0 [pid 6859] close(4) = 0 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = 0 [pid 6859] <... futex resumed>) = 1 [pid 6859] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6859] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6858] <... futex resumed>) = 1 [ 160.018851][ T6859] loop0: detected capacity change from 0 to 64 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] <... mmap resumed>) = 0x20000000 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = 0 [pid 6859] <... futex resumed>) = 1 [pid 6859] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] <... openat resumed>) = 5 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6859] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6858] <... futex resumed>) = 0 [pid 6859] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6858] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6858] <... futex resumed>) = 0 [pid 6858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6859] <... openat resumed>) = 6 [pid 6858] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6859] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6860 attached [pid 6860] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6860] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6860] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] <... clone3 resumed> => {parent_tid=[6860]}, 88) = 6860 [pid 6858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6858] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6858] <... futex resumed>) = 1 [pid 6860] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6858] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6860] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6860] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] exit_group(0 [pid 6859] <... futex resumed>) = ? [pid 6860] <... futex resumed>) = ? [pid 6858] <... exit_group resumed>) = ? [pid 6860] +++ exited with 0 +++ [pid 6859] +++ exited with 0 +++ [pid 6858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6858, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./604", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./604/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./604/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./604/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./604/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./604/bus") = 0 umount2("./604/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./604/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./604") = 0 mkdir("./605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6861 attached , child_tidptr=0x5555564f6750) = 6861 [pid 6861] set_robust_list(0x5555564f6760, 24) = 0 [pid 6861] chdir("./605") = 0 [pid 6861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6861] setpgid(0, 0) = 0 [pid 6861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6861] write(3, "1000", 4) = 4 [pid 6861] close(3) = 0 [pid 6861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6861] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6862 attached [pid 6862] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6861] <... clone3 resumed> => {parent_tid=[6862]}, 88) = 6862 [pid 6862] set_robust_list(0x7f6d468e79a0, 24 [pid 6861] rt_sigprocmask(SIG_SETMASK, [], [pid 6862] <... set_robust_list resumed>) = 0 [pid 6861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] memfd_create("syzkaller", 0 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6862] <... memfd_create resumed>) = 3 [pid 6862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6862] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6862] close(3) = 0 [pid 6862] mkdir("./bus", 0777) = 0 [pid 6862] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6862] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6862] chdir("./bus") = 0 [pid 6862] ioctl(4, LOOP_CLR_FD) = 0 [pid 6862] close(4) = 0 [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] <... futex resumed>) = 0 [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6862] <... futex resumed>) = 0 [pid 6861] <... futex resumed>) = 1 [pid 6862] memfd_create("syzkaller", 0) = 4 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6862] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6862] munmap(0x7f6d360cf000, 32768) = 0 [pid 6862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6862] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6862] ioctl(5, LOOP_CLR_FD) = 0 [pid 6862] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6862] close(5) = 0 [pid 6862] close(4) = 0 [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] <... futex resumed>) = 0 [pid 6862] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6862] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] <... futex resumed>) = 0 [pid 6862] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6862] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6862] <... write resumed>) = 12288 [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] <... futex resumed>) = 0 [pid 6862] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6862] <... mmap resumed>) = 0x20000000 [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] <... futex resumed>) = 0 [pid 6862] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6861] <... futex resumed>) = 0 [pid 6861] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6862] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6862] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [ 160.182139][ T6862] loop0: detected capacity change from 0 to 64 [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] <... futex resumed>) = 0 [pid 6861] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6861] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6863 attached [pid 6862] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6863] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6862] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6861] <... clone3 resumed> => {parent_tid=[6863]}, 88) = 6863 [pid 6863] <... rseq resumed>) = 0 [pid 6861] rt_sigprocmask(SIG_SETMASK, [], [pid 6863] set_robust_list(0x7f6d360d69a0, 24 [pid 6861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6863] <... set_robust_list resumed>) = 0 [pid 6861] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] rt_sigprocmask(SIG_SETMASK, [], [pid 6861] <... futex resumed>) = 0 [pid 6863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6861] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6863] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6863] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] <... futex resumed>) = 0 [ 160.248253][ T6862] [ 160.250641][ T6862] ====================================================== [ 160.257657][ T6862] WARNING: possible circular locking dependency detected [ 160.264686][ T6862] 6.6.0-rc4-syzkaller-00037-g3006adf3be79 #0 Not tainted [ 160.271697][ T6862] ------------------------------------------------------ [ 160.278709][ T6862] syz-executor354/6862 is trying to acquire lock: [ 160.285115][ T6862] ffff88807d1320b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x16e/0x1f0 [ 160.294460][ T6862] [ 160.294460][ T6862] but task is already holding lock: [ 160.301824][ T6862] ffff88801f4a9af8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xff/0x1440 [ 160.312629][ T6862] [ 160.312629][ T6862] which lock already depends on the new lock. [ 160.312629][ T6862] [ 160.323026][ T6862] [ 160.323026][ T6862] the existing dependency chain (in reverse order) is: [ 160.332036][ T6862] [ 160.332036][ T6862] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}: [ 160.341251][ T6862] __mutex_lock+0x136/0xd60 [ 160.346281][ T6862] hfs_extend_file+0xff/0x1440 [ 160.351567][ T6862] hfs_bmap_reserve+0xd9/0x3f0 [ 160.356863][ T6862] __hfs_ext_write_extent+0x22e/0x4f0 [ 160.362779][ T6862] hfs_ext_write_extent+0x154/0x1d0 [ 160.368504][ T6862] hfs_write_inode+0xbc/0xec0 [ 160.373705][ T6862] __writeback_single_inode+0x69b/0xfa0 [ 160.379791][ T6862] writeback_sb_inodes+0x8e3/0x1210 [ 160.385513][ T6862] wb_writeback+0x44d/0xc60 [ 160.390536][ T6862] wb_workfn+0x400/0xff0 [ 160.395311][ T6862] process_scheduled_works+0x90f/0x1400 [ 160.401394][ T6862] worker_thread+0xa5f/0xff0 [ 160.406509][ T6862] kthread+0x2d3/0x370 [ 160.411111][ T6862] ret_from_fork+0x48/0x80 [ 160.416049][ T6862] ret_from_fork_asm+0x11/0x20 [ 160.421340][ T6862] [ 160.421340][ T6862] -> #0 (&tree->tree_lock/1){+.+.}-{3:3}: [ 160.429276][ T6862] __lock_acquire+0x39ff/0x7f70 [ 160.434650][ T6862] lock_acquire+0x1e3/0x520 [ 160.439675][ T6862] __mutex_lock+0x136/0xd60 [ 160.444699][ T6862] hfs_find_init+0x16e/0x1f0 [ 160.449812][ T6862] hfs_extend_file+0x31b/0x1440 [ 160.455186][ T6862] hfs_bmap_reserve+0xd9/0x3f0 [ 160.460469][ T6862] hfs_cat_create+0x1e0/0x970 [ 160.465668][ T6862] hfs_create+0x66/0xd0 [ 160.470341][ T6862] path_openat+0x13e7/0x3180 [ 160.475458][ T6862] do_filp_open+0x234/0x490 [ 160.480481][ T6862] do_sys_openat2+0x13e/0x1d0 [ 160.485681][ T6862] __x64_sys_openat+0x247/0x290 [ 160.491069][ T6862] do_syscall_64+0x41/0xc0 [ 160.496003][ T6862] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.502435][ T6862] [ 160.502435][ T6862] other info that might help us debug this: [ 160.502435][ T6862] [ 160.512682][ T6862] Possible unsafe locking scenario: [ 160.512682][ T6862] [ 160.520129][ T6862] CPU0 CPU1 [ 160.525486][ T6862] ---- ---- [ 160.530845][ T6862] lock(&HFS_I(tree->inode)->extents_lock); [ 160.536828][ T6862] lock(&tree->tree_lock/1); [ 160.544032][ T6862] lock(&HFS_I(tree->inode)->extents_lock); [ 160.552532][ T6862] lock(&tree->tree_lock/1); [ 160.557217][ T6862] [ 160.557217][ T6862] *** DEADLOCK *** [ 160.557217][ T6862] [ 160.565356][ T6862] 4 locks held by syz-executor354/6862: [ 160.570895][ T6862] #0: ffff88807d134410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 160.580064][ T6862] #1: ffff88807d34dda8 (&type->i_mutex_dir_key#6){+.+.}-{3:3}, at: path_openat+0x7c2/0x3180 [ 160.590281][ T6862] #2: ffff88807d1300b0 (&tree->tree_lock){+.+.}-{3:3}, at: hfs_find_init+0x16e/0x1f0 [ 160.599871][ T6862] #3: ffff88801f4a9af8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xff/0x1440 [ 160.611112][ T6862] [ 160.611112][ T6862] stack backtrace: [ 160.616995][ T6862] CPU: 0 PID: 6862 Comm: syz-executor354 Not tainted 6.6.0-rc4-syzkaller-00037-g3006adf3be79 #0 [ 160.627403][ T6862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 160.637460][ T6862] Call Trace: [ 160.640740][ T6862] [ 160.643670][ T6862] dump_stack_lvl+0x1e7/0x2d0 [ 160.648352][ T6862] ? nf_tcp_handle_invalid+0x650/0x650 [ 160.653815][ T6862] ? print_circular_bug+0x12b/0x1a0 [ 160.659019][ T6862] check_noncircular+0x375/0x4a0 [ 160.663964][ T6862] ? print_deadlock_bug+0x600/0x600 [ 160.669181][ T6862] ? lockdep_lock+0x123/0x2b0 [ 160.673863][ T6862] ? mark_lock+0x9a/0x340 [ 160.678196][ T6862] ? _find_first_zero_bit+0xd4/0x100 [ 160.683489][ T6862] __lock_acquire+0x39ff/0x7f70 [ 160.688359][ T6862] ? verify_lock_unused+0x140/0x140 [ 160.693559][ T6862] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 160.699560][ T6862] ? print_irqtrace_events+0x220/0x220 [ 160.705043][ T6862] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 160.710978][ T6862] ? lockdep_hardirqs_on+0x98/0x140 [ 160.716194][ T6862] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 160.722107][ T6862] ? _raw_spin_unlock+0x40/0x40 [ 160.726993][ T6862] ? stack_trace_snprint+0xf0/0xf0 [ 160.732131][ T6862] lock_acquire+0x1e3/0x520 [ 160.736658][ T6862] ? hfs_find_init+0x16e/0x1f0 [ 160.741434][ T6862] ? read_lock_is_recursive+0x20/0x20 [ 160.746813][ T6862] ? __x64_sys_openat+0x247/0x290 [ 160.751862][ T6862] ? do_syscall_64+0x41/0xc0 [ 160.756481][ T6862] ? __might_sleep+0xc0/0xc0 [ 160.761087][ T6862] __mutex_lock+0x136/0xd60 [ 160.765604][ T6862] ? hfs_find_init+0x16e/0x1f0 [ 160.770382][ T6862] ? hfs_find_init+0x16e/0x1f0 [ 160.775151][ T6862] ? mutex_lock_nested+0x20/0x20 [ 160.780103][ T6862] ? hfs_find_init+0x90/0x1f0 [ 160.784779][ T6862] ? rcu_is_watching+0x15/0xb0 [ 160.789553][ T6862] ? __kmalloc+0xe6/0x230 [ 160.793913][ T6862] hfs_find_init+0x16e/0x1f0 [ 160.798500][ T6862] hfs_extend_file+0x31b/0x1440 [ 160.803355][ T6862] ? hfs_get_block+0xb60/0xb60 [ 160.808123][ T6862] ? rcu_is_watching+0x15/0xb0 [ 160.812894][ T6862] ? __mutex_lock+0x2ee/0xd60 [ 160.817576][ T6862] ? hfs_find_init+0x16e/0x1f0 [ 160.822340][ T6862] ? mutex_lock_nested+0x20/0x20 [ 160.827289][ T6862] hfs_bmap_reserve+0xd9/0x3f0 [ 160.832061][ T6862] hfs_cat_create+0x1e0/0x970 [ 160.836742][ T6862] ? hfs_cat_build_key+0x170/0x170 [ 160.841864][ T6862] ? _raw_spin_unlock+0x28/0x40 [ 160.846721][ T6862] ? hfs_new_inode+0x88c/0xac0 [ 160.851493][ T6862] hfs_create+0x66/0xd0 [ 160.855649][ T6862] ? hfs_lookup+0x2f0/0x2f0 [ 160.860157][ T6862] path_openat+0x13e7/0x3180 [ 160.864772][ T6862] ? do_filp_open+0x490/0x490 [ 160.869460][ T6862] do_filp_open+0x234/0x490 [ 160.873970][ T6862] ? vfs_tmpfile+0x4b0/0x4b0 [ 160.878574][ T6862] ? _raw_spin_unlock+0x28/0x40 [ 160.883432][ T6862] ? alloc_fd+0x59c/0x640 [ 160.887784][ T6862] do_sys_openat2+0x13e/0x1d0 [ 160.892489][ T6862] ? do_sys_open+0x230/0x230 [ 160.897088][ T6862] ? lockdep_hardirqs_on+0x98/0x140 [ 160.902290][ T6862] ? _raw_spin_unlock_irq+0x2e/0x50 [ 160.907496][ T6862] ? ptrace_notify+0x278/0x380 [ 160.912268][ T6862] __x64_sys_openat+0x247/0x290 [ 160.917132][ T6862] ? __ia32_sys_open+0x270/0x270 [ 160.922075][ T6862] ? syscall_enter_from_user_mode+0x32/0x230 [ 160.928067][ T6862] ? syscall_enter_from_user_mode+0x8c/0x230 [ 160.934056][ T6862] do_syscall_64+0x41/0xc0 [ 160.938475][ T6862] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.944379][ T6862] RIP: 0033:0x7f6d4692b759 [ 160.948797][ T6862] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 160.968406][ T6862] RSP: 002b:00007f6d468e7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 160.976821][ T6862] RAX: ffffffffffffffda RBX: 00007f6d469b46c8 RCX: 00007f6d4692b759 [ 160.984792][ T6862] RDX: 000000000000275a RSI: 0000000020000000 RDI: 00000000ffffff9c [ 160.992759][ T6862] RBP: 00007f6d469b46c0 R08: 00007f6d469b46c0 R09: 0000000000000000 [pid 6862] <... openat resumed>) = -1 EIO (Input/output error) [pid 6862] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] exit_group(0) = ? [pid 6862] <... futex resumed>) = ? [pid 6862] +++ exited with 0 +++ [pid 6863] <... futex resumed>) = ? [pid 6863] +++ exited with 0 +++ [pid 6861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6861, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./605", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./605/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./605/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./605/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./605/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./605/bus") = 0 umount2("./605/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./605/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./605") = 0 mkdir("./606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6864 attached , child_tidptr=0x5555564f6750) = 6864 [pid 6864] set_robust_list(0x5555564f6760, 24) = 0 [pid 6864] chdir("./606") = 0 [pid 6864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6864] setpgid(0, 0) = 0 [pid 6864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6864] write(3, "1000", 4) = 4 [pid 6864] close(3) = 0 [pid 6864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6864] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6864] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6865]}, 88) = 6865 [pid 6864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6865 attached [pid 6865] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6865] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6865] memfd_create("syzkaller", 0) = 3 [pid 6865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [ 161.000812][ T6862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d469b46cc [ 161.008778][ T6862] R13: 0000000000000006 R14: 00007ffdbba24a90 R15: 00007ffdbba24b78 [ 161.016754][ T6862] [ 161.021586][ T6862] hfs: request for non-existent node 16777216 in B*Tree [ 161.029067][ T6862] hfs: request for non-existent node 16777216 in B*Tree [ 161.036207][ T6862] hfs: inconsistency in B*Tree (5,0,1,0,1) [pid 6865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6865] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6865] close(3) = 0 [pid 6865] mkdir("./bus", 0777) = 0 [pid 6865] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6865] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6865] chdir("./bus") = 0 [pid 6865] ioctl(4, LOOP_CLR_FD) = 0 [pid 6865] close(4) = 0 [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = 0 [pid 6864] <... futex resumed>) = 1 [pid 6865] memfd_create("syzkaller", 0 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6865] <... memfd_create resumed>) = 4 [pid 6865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6865] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6865] munmap(0x7f6d360cf000, 32768) = 0 [pid 6865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6865] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6865] ioctl(5, LOOP_CLR_FD) = 0 [pid 6865] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6865] close(5) = 0 [pid 6865] close(4) = 0 [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6864] <... futex resumed>) = 0 [pid 6865] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... openat resumed>) = 4 [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6864] <... futex resumed>) = 0 [pid 6865] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... write resumed>) = 12288 [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6865] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6864] <... futex resumed>) = 0 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... mmap resumed>) = 0x20000000 [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6864] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6865] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6865] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6865] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6864] <... futex resumed>) = 0 [pid 6864] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6865] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6864] <... mmap resumed>) = 0x7f6d360b6000 [pid 6864] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6866]}, 88) = 6866 [pid 6865] <... openat resumed>) = 6 [pid 6864] rt_sigprocmask(SIG_SETMASK, [], [pid 6865] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6866 attached ) = 0 [pid 6865] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6866] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6864] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] rt_sigprocmask(SIG_SETMASK, [], [pid 6864] <... futex resumed>) = 0 [pid 6866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6866] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [ 161.073703][ T6865] loop0: detected capacity change from 0 to 64 [pid 6864] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6866] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6866] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6864] exit_group(0 [pid 6866] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6865] <... futex resumed>) = ? [pid 6864] <... exit_group resumed>) = ? [pid 6866] +++ exited with 0 +++ [pid 6865] +++ exited with 0 +++ [pid 6864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6864, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./606", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./606/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./606/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./606/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./606/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./606/bus") = 0 umount2("./606/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./606/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./606") = 0 mkdir("./607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6867 attached , child_tidptr=0x5555564f6750) = 6867 [pid 6867] set_robust_list(0x5555564f6760, 24) = 0 [pid 6867] chdir("./607") = 0 [pid 6867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6867] setpgid(0, 0) = 0 [pid 6867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6867] write(3, "1000", 4) = 4 [pid 6867] close(3) = 0 [pid 6867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6867] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6868 attached [pid 6868] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6867] <... clone3 resumed> => {parent_tid=[6868]}, 88) = 6868 [pid 6868] set_robust_list(0x7f6d468e79a0, 24 [pid 6867] rt_sigprocmask(SIG_SETMASK, [], [pid 6868] <... set_robust_list resumed>) = 0 [pid 6867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6868] rt_sigprocmask(SIG_SETMASK, [], [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6868] memfd_create("syzkaller", 0 [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6868] <... memfd_create resumed>) = 3 [pid 6868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6868] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6868] close(3) = 0 [pid 6868] mkdir("./bus", 0777) = 0 [pid 6868] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6868] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6868] chdir("./bus") = 0 [pid 6868] ioctl(4, LOOP_CLR_FD) = 0 [pid 6868] close(4) = 0 [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... futex resumed>) = 0 [pid 6867] <... futex resumed>) = 1 [pid 6868] memfd_create("syzkaller", 0 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6868] <... memfd_create resumed>) = 4 [pid 6868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6868] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6868] munmap(0x7f6d360cf000, 32768) = 0 [pid 6868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6868] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6868] ioctl(5, LOOP_CLR_FD) = 0 [pid 6868] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6868] close(5) = 0 [pid 6868] close(4) = 0 [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... futex resumed>) = 0 [pid 6867] <... futex resumed>) = 1 [pid 6868] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6868] <... openat resumed>) = 4 [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... futex resumed>) = 1 [pid 6867] <... futex resumed>) = 0 [pid 6868] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6868] <... write resumed>) = 12288 [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6868] <... futex resumed>) = 1 [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6867] <... futex resumed>) = 0 [pid 6868] <... mmap resumed>) = 0x20000000 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6868] <... futex resumed>) = 1 [pid 6868] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6868] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6868] <... futex resumed>) = 1 [pid 6868] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6868] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6867] <... mmap resumed>) = 0x7f6d360b6000 [pid 6868] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6868] <... futex resumed>) = 0 [pid 6867] <... mprotect resumed>) = 0 [pid 6868] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6869]}, 88) = 6869 [pid 6867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6867] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6869 attached [pid 6869] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6869] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6869] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6869] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] <... futex resumed>) = 0 [pid 6869] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] exit_group(0 [pid 6869] <... futex resumed>) = ? [pid 6868] <... futex resumed>) = ? [pid 6869] +++ exited with 0 +++ [pid 6868] +++ exited with 0 +++ [pid 6867] <... exit_group resumed>) = ? [pid 6867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6867, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./607", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 161.192406][ T6868] loop0: detected capacity change from 0 to 64 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./607/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./607/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./607/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./607/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./607/bus") = 0 umount2("./607/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./607/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./607") = 0 mkdir("./608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6870 attached , child_tidptr=0x5555564f6750) = 6870 [pid 6870] set_robust_list(0x5555564f6760, 24) = 0 [pid 6870] chdir("./608") = 0 [pid 6870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6870] setpgid(0, 0) = 0 [pid 6870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6870] write(3, "1000", 4) = 4 [pid 6870] close(3) = 0 [pid 6870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6870] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6870] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6870] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6871]}, 88) = 6871 ./strace-static-x86_64: Process 6871 attached [pid 6871] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6870] rt_sigprocmask(SIG_SETMASK, [], [pid 6871] <... rseq resumed>) = 0 [pid 6871] set_robust_list(0x7f6d468e79a0, 24 [pid 6870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6871] <... set_robust_list resumed>) = 0 [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] rt_sigprocmask(SIG_SETMASK, [], [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6871] memfd_create("syzkaller", 0) = 3 [pid 6871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6871] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6871] close(3) = 0 [pid 6871] mkdir("./bus", 0777) = 0 [pid 6871] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6871] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6871] chdir("./bus") = 0 [pid 6871] ioctl(4, LOOP_CLR_FD) = 0 [pid 6871] close(4) = 0 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] <... futex resumed>) = 0 [pid 6871] <... futex resumed>) = 1 [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] memfd_create("syzkaller", 0 [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6871] <... memfd_create resumed>) = 4 [pid 6871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6871] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6871] munmap(0x7f6d360cf000, 32768) = 0 [pid 6871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6871] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6871] ioctl(5, LOOP_CLR_FD) = 0 [pid 6871] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6871] close(5) = 0 [pid 6871] close(4) = 0 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] <... futex resumed>) = 0 [pid 6871] <... futex resumed>) = 1 [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] <... openat resumed>) = 4 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6871] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] <... write resumed>) = 12288 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] <... futex resumed>) = 0 [pid 6871] <... futex resumed>) = 1 [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6871] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] <... mmap resumed>) = 0x20000000 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6871] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6871] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6871] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] <... openat resumed>) = 6 [pid 6871] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] <... futex resumed>) = 0 [pid 6871] <... futex resumed>) = 0 [pid 6870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6871] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] <... mmap resumed>) = 0x7f6d360b6000 [pid 6870] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6872 attached [pid 6872] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6872] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], [pid 6870] <... clone3 resumed> => {parent_tid=[6872]}, 88) = 6872 [pid 6872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6872] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6870] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] <... futex resumed>) = 0 [pid 6872] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6870] <... futex resumed>) = 1 [pid 6872] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6870] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6872] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6872] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] exit_group(0 [pid 6872] <... futex resumed>) = ? [pid 6870] <... exit_group resumed>) = ? [pid 6872] +++ exited with 0 +++ [pid 6871] <... futex resumed>) = ? [pid 6871] +++ exited with 0 +++ [pid 6870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6870, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./608", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 161.314078][ T6871] loop0: detected capacity change from 0 to 64 umount2("./608/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./608/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./608/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./608/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./608/bus") = 0 umount2("./608/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./608/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./608") = 0 mkdir("./609", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6873 attached [pid 6873] set_robust_list(0x5555564f6760, 24) = 0 [pid 6873] chdir("./609" [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6873 [pid 6873] <... chdir resumed>) = 0 [pid 6873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6873] setpgid(0, 0) = 0 [pid 6873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6873] write(3, "1000", 4) = 4 [pid 6873] close(3) = 0 [pid 6873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6873] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6874 attached [pid 6874] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6874] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6874] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6873] <... clone3 resumed> => {parent_tid=[6874]}, 88) = 6874 [pid 6873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = 0 [pid 6873] <... futex resumed>) = 1 [pid 6874] memfd_create("syzkaller", 0 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6874] <... memfd_create resumed>) = 3 [pid 6874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6874] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6874] close(3) = 0 [pid 6874] mkdir("./bus", 0777) = 0 [pid 6874] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6874] chdir("./bus") = 0 [pid 6874] ioctl(4, LOOP_CLR_FD) = 0 [pid 6874] close(4) = 0 [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6874] <... futex resumed>) = 1 [pid 6874] memfd_create("syzkaller", 0) = 4 [pid 6874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6874] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6874] munmap(0x7f6d360cf000, 32768) = 0 [pid 6874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6874] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6874] ioctl(5, LOOP_CLR_FD) = 0 [pid 6874] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6874] close(5) = 0 [pid 6874] close(4) = 0 [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6873] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = 0 [pid 6873] <... futex resumed>) = 1 [pid 6874] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6874] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6873] <... futex resumed>) = 0 [pid 6874] <... write resumed>) = 12288 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6874] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6873] <... futex resumed>) = 0 [pid 6874] <... mmap resumed>) = 0x20000000 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6874] <... futex resumed>) = 1 [pid 6874] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6874] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = 1 [pid 6874] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6874] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6873] <... futex resumed>) = 0 [pid 6873] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6873] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6874] <... openat resumed>) = 6 [pid 6873] <... mprotect resumed>) = 0 [pid 6874] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6875 attached [pid 6875] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6873] <... clone3 resumed> => {parent_tid=[6875]}, 88) = 6875 [pid 6875] set_robust_list(0x7f6d360d69a0, 24 [pid 6873] rt_sigprocmask(SIG_SETMASK, [], [pid 6875] <... set_robust_list resumed>) = 0 [pid 6873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6875] rt_sigprocmask(SIG_SETMASK, [], [pid 6873] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6873] <... futex resumed>) = 0 [pid 6875] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6873] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6875] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = 0 [pid 6873] exit_group(0) = ? [pid 6874] <... futex resumed>) = ? [pid 6874] +++ exited with 0 +++ [pid 6875] <... futex resumed>) = ? [pid 6875] +++ exited with 0 +++ [pid 6873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6873, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./609", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 161.421371][ T6874] loop0: detected capacity change from 0 to 64 umount2("./609/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./609/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./609/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./609/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./609/bus") = 0 umount2("./609/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./609/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./609") = 0 mkdir("./610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6876 attached , child_tidptr=0x5555564f6750) = 6876 [pid 6876] set_robust_list(0x5555564f6760, 24) = 0 [pid 6876] chdir("./610") = 0 [pid 6876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6876] setpgid(0, 0) = 0 [pid 6876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6876] write(3, "1000", 4) = 4 [pid 6876] close(3) = 0 [pid 6876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6876] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6876] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6877 attached [pid 6877] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6877] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6877] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] <... clone3 resumed> => {parent_tid=[6877]}, 88) = 6877 [pid 6876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6877] <... futex resumed>) = 0 [pid 6877] memfd_create("syzkaller", 0 [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6877] <... memfd_create resumed>) = 3 [pid 6877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6877] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6877] close(3) = 0 [pid 6877] mkdir("./bus", 0777) = 0 [pid 6877] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6877] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6877] chdir("./bus") = 0 [pid 6877] ioctl(4, LOOP_CLR_FD) = 0 [pid 6877] close(4) = 0 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6877] memfd_create("syzkaller", 0 [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... memfd_create resumed>) = 4 [pid 6877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6877] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 6876] <... futex resumed>) = 0 [pid 6877] <... write resumed>) = 32768 [pid 6877] munmap(0x7f6d360cf000, 32768) = 0 [pid 6877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6877] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6877] ioctl(5, LOOP_CLR_FD) = 0 [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6877] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6877] close(5) = 0 [pid 6877] close(4) = 0 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6877] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] <... futex resumed>) = 0 [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... futex resumed>) = 0 [pid 6876] <... futex resumed>) = 1 [pid 6877] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... openat resumed>) = 4 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6876] <... futex resumed>) = 0 [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... write resumed>) = 12288 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6877] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6877] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6877] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6876] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6877] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6876] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6876] <... futex resumed>) = 0 [pid 6877] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6876] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6876] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6878 attached [pid 6878] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6876] <... clone3 resumed> => {parent_tid=[6878]}, 88) = 6878 [pid 6876] rt_sigprocmask(SIG_SETMASK, [], [pid 6878] <... rseq resumed>) = 0 [pid 6878] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6878] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6877] <... openat resumed>) = 6 [pid 6876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6877] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6876] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... futex resumed>) = 0 [pid 6878] <... futex resumed>) = 0 [pid 6877] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] <... futex resumed>) = 1 [pid 6878] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6876] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6878] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6878] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6878] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] exit_group(0 [pid 6878] <... futex resumed>) = ? [pid 6877] <... futex resumed>) = ? [pid 6876] <... exit_group resumed>) = ? [pid 6878] +++ exited with 0 +++ [pid 6877] +++ exited with 0 +++ [pid 6876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6876, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./610", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 161.527868][ T6877] loop0: detected capacity change from 0 to 64 umount2("./610/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./610/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./610/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./610/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./610/bus") = 0 umount2("./610/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./610/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./610") = 0 mkdir("./611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6879 attached [pid 6879] set_robust_list(0x5555564f6760, 24) = 0 [pid 6879] chdir("./611") = 0 [pid 6879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6879] setpgid(0, 0) = 0 [pid 6879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6879] write(3, "1000", 4) = 4 [pid 6879] close(3) = 0 [pid 6879] symlink("/dev/binderfs", "./binderfs" [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6879 [pid 6879] <... symlink resumed>) = 0 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6879] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6880 attached => {parent_tid=[6880]}, 88) = 6880 [pid 6880] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] <... rseq resumed>) = 0 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6880] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6880] memfd_create("syzkaller", 0) = 3 [pid 6880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6880] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6880] close(3) = 0 [pid 6880] mkdir("./bus", 0777) = 0 [pid 6880] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6880] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6880] chdir("./bus") = 0 [pid 6880] ioctl(4, LOOP_CLR_FD) = 0 [pid 6880] close(4) = 0 [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6880] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] <... futex resumed>) = 0 [pid 6880] memfd_create("syzkaller", 0 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6880] <... memfd_create resumed>) = 4 [pid 6880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6880] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6880] munmap(0x7f6d360cf000, 32768) = 0 [pid 6880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6880] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6880] ioctl(5, LOOP_CLR_FD) = 0 [pid 6880] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6880] close(5) = 0 [pid 6880] close(4) = 0 [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6880] <... futex resumed>) = 1 [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6879] <... futex resumed>) = 0 [pid 6880] <... openat resumed>) = 4 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6880] <... futex resumed>) = 1 [pid 6880] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6880] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] <... futex resumed>) = 0 [pid 6880] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6880] <... mmap resumed>) = 0x20000000 [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6880] <... futex resumed>) = 1 [pid 6880] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6880] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6879] <... futex resumed>) = 0 [pid 6880] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6880] <... openat resumed>) = 6 [pid 6879] <... mmap resumed>) = 0x7f6d360b6000 [pid 6880] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6880] <... futex resumed>) = 0 [pid 6879] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6880] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6881 attached => {parent_tid=[6881]}, 88) = 6881 [pid 6881] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], [pid 6881] <... rseq resumed>) = 0 [pid 6881] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6881] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] <... futex resumed>) = 0 [pid 6881] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6879] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6881] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6881] <... futex resumed>) = 1 [pid 6881] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] exit_group(0 [pid 6880] <... futex resumed>) = ? [ 161.639673][ T6880] loop0: detected capacity change from 0 to 64 [pid 6879] <... exit_group resumed>) = ? [pid 6881] <... futex resumed>) = ? [pid 6880] +++ exited with 0 +++ [pid 6881] +++ exited with 0 +++ [pid 6879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6879, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./611", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./611/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./611/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./611/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./611/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./611/bus") = 0 umount2("./611/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./611/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./611") = 0 mkdir("./612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6882 attached , child_tidptr=0x5555564f6750) = 6882 [pid 6882] set_robust_list(0x5555564f6760, 24) = 0 [pid 6882] chdir("./612") = 0 [pid 6882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6882] setpgid(0, 0) = 0 [pid 6882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6882] write(3, "1000", 4) = 4 [pid 6882] close(3) = 0 [pid 6882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6882] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6883 attached [pid 6883] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6882] <... clone3 resumed> => {parent_tid=[6883]}, 88) = 6883 [pid 6883] <... rseq resumed>) = 0 [pid 6882] rt_sigprocmask(SIG_SETMASK, [], [pid 6883] set_robust_list(0x7f6d468e79a0, 24 [pid 6882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6883] <... set_robust_list resumed>) = 0 [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6882] <... futex resumed>) = 0 [pid 6883] memfd_create("syzkaller", 0 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6883] <... memfd_create resumed>) = 3 [pid 6883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6883] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6883] close(3) = 0 [pid 6883] mkdir("./bus", 0777) = 0 [pid 6883] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6883] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6883] chdir("./bus") = 0 [pid 6883] ioctl(4, LOOP_CLR_FD) = 0 [pid 6883] close(4) = 0 [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6882] <... futex resumed>) = 0 [pid 6883] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] memfd_create("syzkaller", 0 [pid 6882] <... futex resumed>) = 0 [pid 6883] <... memfd_create resumed>) = 4 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6883] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6883] munmap(0x7f6d360cf000, 32768) = 0 [pid 6883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6883] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6883] ioctl(5, LOOP_CLR_FD) = 0 [pid 6883] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6883] close(5) = 0 [pid 6883] close(4) = 0 [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6883] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6882] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6883] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6882] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6882] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6882] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6882] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6882] <... futex resumed>) = 0 [pid 6882] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6883] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6882] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6884 attached => {parent_tid=[6884]}, 88) = 6884 [pid 6884] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6882] rt_sigprocmask(SIG_SETMASK, [], [pid 6884] <... rseq resumed>) = 0 [pid 6882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6884] set_robust_list(0x7f6d360d69a0, 24 [pid 6882] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6884] <... set_robust_list resumed>) = 0 [pid 6883] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6884] rt_sigprocmask(SIG_SETMASK, [], [pid 6882] <... futex resumed>) = 0 [pid 6884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6882] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6884] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6883] <... openat resumed>) = 6 [pid 6884] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] <... futex resumed>) = 0 [pid 6884] <... futex resumed>) = 1 [pid 6884] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6883] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6882] exit_group(0) = ? [pid 6883] <... futex resumed>) = ? [pid 6884] <... futex resumed>) = ? [pid 6884] +++ exited with 0 +++ [pid 6883] +++ exited with 0 +++ [pid 6882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6882, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./612", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./612/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./612/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./612/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./612/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 161.744409][ T6883] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./612/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./612/bus") = 0 umount2("./612/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./612/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./612") = 0 mkdir("./613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6885 attached , child_tidptr=0x5555564f6750) = 6885 [pid 6885] set_robust_list(0x5555564f6760, 24) = 0 [pid 6885] chdir("./613") = 0 [pid 6885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6885] setpgid(0, 0) = 0 [pid 6885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6885] write(3, "1000", 4) = 4 [pid 6885] close(3) = 0 [pid 6885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6885] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6885] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6886 attached [pid 6886] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6886] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... clone3 resumed> => {parent_tid=[6886]}, 88) = 6886 [pid 6885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6886] memfd_create("syzkaller", 0 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6886] <... memfd_create resumed>) = 3 [pid 6886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6886] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6886] close(3) = 0 [pid 6886] mkdir("./bus", 0777) = 0 [pid 6886] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6886] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6886] chdir("./bus") = 0 [pid 6886] ioctl(4, LOOP_CLR_FD) = 0 [pid 6886] close(4) = 0 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... futex resumed>) = 0 [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6886] memfd_create("syzkaller", 0 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6886] <... memfd_create resumed>) = 4 [pid 6886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6886] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6886] munmap(0x7f6d360cf000, 32768) = 0 [pid 6886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6886] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6886] ioctl(5, LOOP_CLR_FD) = 0 [pid 6886] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6886] close(5) = 0 [pid 6886] close(4) = 0 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6885] <... futex resumed>) = 0 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6885] <... futex resumed>) = 0 [pid 6886] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] <... openat resumed>) = 4 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6885] <... futex resumed>) = 0 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6885] <... futex resumed>) = 0 [pid 6886] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] <... write resumed>) = 12288 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... futex resumed>) = 0 [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6886] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] <... mmap resumed>) = 0x20000000 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... futex resumed>) = 0 [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = 0 [pid 6886] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6885] <... futex resumed>) = 1 [pid 6886] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6885] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] <... openat resumed>) = 5 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... futex resumed>) = 0 [pid 6885] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6886] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6885] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6885] <... futex resumed>) = 0 [ 161.843723][ T6886] loop0: detected capacity change from 0 to 64 [pid 6886] <... openat resumed>) = 6 [pid 6885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6886] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] <... mmap resumed>) = 0x7f6d360b6000 [pid 6885] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6887]}, 88) = 6887 ./strace-static-x86_64: Process 6887 attached [pid 6885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6885] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6885] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6887] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6887] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6887] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6885] <... futex resumed>) = 0 [pid 6887] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] exit_group(0 [pid 6887] <... futex resumed>) = ? [pid 6887] +++ exited with 0 +++ [pid 6886] <... futex resumed>) = ? [pid 6885] <... exit_group resumed>) = ? [pid 6886] +++ exited with 0 +++ [pid 6885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6885, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./613", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./613/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./613/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./613/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./613/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./613/bus") = 0 umount2("./613/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./613/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./613") = 0 mkdir("./614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6888 attached , child_tidptr=0x5555564f6750) = 6888 [pid 6888] set_robust_list(0x5555564f6760, 24) = 0 [pid 6888] chdir("./614") = 0 [pid 6888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6888] setpgid(0, 0) = 0 [pid 6888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6888] write(3, "1000", 4) = 4 [pid 6888] close(3) = 0 [pid 6888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6888] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6889 attached => {parent_tid=[6889]}, 88) = 6889 [pid 6889] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6889] set_robust_list(0x7f6d468e79a0, 24 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], [pid 6889] <... set_robust_list resumed>) = 0 [pid 6888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] memfd_create("syzkaller", 0 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6889] <... memfd_create resumed>) = 3 [pid 6889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6889] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6889] close(3) = 0 [pid 6889] mkdir("./bus", 0777) = 0 [pid 6889] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6889] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6889] chdir("./bus") = 0 [pid 6889] ioctl(4, LOOP_CLR_FD) = 0 [pid 6889] close(4) = 0 [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... futex resumed>) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6889] memfd_create("syzkaller", 0 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6889] <... memfd_create resumed>) = 4 [pid 6889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6889] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6889] munmap(0x7f6d360cf000, 32768) = 0 [pid 6889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6889] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6889] ioctl(5, LOOP_CLR_FD) = 0 [pid 6889] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6889] close(5) = 0 [pid 6889] close(4) = 0 [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] <... futex resumed>) = 1 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6889] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6889] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6888] <... futex resumed>) = 0 [pid 6889] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6889] <... write resumed>) = 12288 [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6889] <... futex resumed>) = 1 [pid 6889] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6889] <... futex resumed>) = 1 [pid 6889] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6889] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6889] <... futex resumed>) = 1 [pid 6889] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6889] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6888] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6889] <... openat resumed>) = 6 [pid 6888] <... mprotect resumed>) = 0 [pid 6888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6890 attached [pid 6889] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6888] <... clone3 resumed> => {parent_tid=[6890]}, 88) = 6890 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6888] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6890] <... rseq resumed>) = 0 [pid 6890] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6890] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6890] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6888] <... futex resumed>) = 0 [pid 6888] exit_group(0 [pid 6889] <... futex resumed>) = ? [pid 6890] <... futex resumed>) = ? [pid 6889] +++ exited with 0 +++ [pid 6890] +++ exited with 0 +++ [pid 6888] <... exit_group resumed>) = ? [pid 6888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6888, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./614", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./614/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./614/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./614/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./614/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./614/bus") = 0 umount2("./614/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./614/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./614") = 0 mkdir("./615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6891 attached , child_tidptr=0x5555564f6750) = 6891 [pid 6891] set_robust_list(0x5555564f6760, 24) = 0 [pid 6891] chdir("./615") = 0 [pid 6891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 161.949833][ T6889] loop0: detected capacity change from 0 to 64 [pid 6891] setpgid(0, 0) = 0 [pid 6891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6891] write(3, "1000", 4) = 4 [pid 6891] close(3) = 0 [pid 6891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6891] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6891] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6892 attached [pid 6892] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6891] <... clone3 resumed> => {parent_tid=[6892]}, 88) = 6892 [pid 6892] <... rseq resumed>) = 0 [pid 6891] rt_sigprocmask(SIG_SETMASK, [], [pid 6892] set_robust_list(0x7f6d468e79a0, 24 [pid 6891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6892] <... set_robust_list resumed>) = 0 [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6891] <... futex resumed>) = 0 [pid 6892] memfd_create("syzkaller", 0) = 3 [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6892] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6892] close(3) = 0 [pid 6892] mkdir("./bus", 0777) = 0 [pid 6892] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6892] chdir("./bus") = 0 [pid 6892] ioctl(4, LOOP_CLR_FD) = 0 [pid 6892] close(4) = 0 [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6892] memfd_create("syzkaller", 0 [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] <... memfd_create resumed>) = 4 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6892] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6892] munmap(0x7f6d360cf000, 32768) = 0 [pid 6892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6892] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6892] ioctl(5, LOOP_CLR_FD) = 0 [pid 6892] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6892] close(5) = 0 [pid 6892] close(4) = 0 [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6892] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] <... openat resumed>) = 4 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] <... futex resumed>) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6892] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6892] <... write resumed>) = 12288 [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6892] <... futex resumed>) = 1 [pid 6892] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] <... futex resumed>) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6892] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6891] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6892] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6892] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6891] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6891] <... futex resumed>) = 0 [pid 6892] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6891] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6892] <... openat resumed>) = 6 [pid 6891] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6892] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6891] <... mprotect resumed>) = 0 [pid 6892] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6893 attached [pid 6893] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6893] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6893] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6891] <... clone3 resumed> => {parent_tid=[6893]}, 88) = 6893 [pid 6891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6891] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] <... futex resumed>) = 0 [pid 6891] <... futex resumed>) = 1 [pid 6893] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6891] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6893] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6893] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6891] <... futex resumed>) = 0 [pid 6891] exit_group(0 [pid 6893] <... futex resumed>) = ? [pid 6892] <... futex resumed>) = ? [pid 6891] <... exit_group resumed>) = ? [pid 6893] +++ exited with 0 +++ [pid 6892] +++ exited with 0 +++ [pid 6891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6891, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./615", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./615/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./615/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 162.021360][ T6892] loop0: detected capacity change from 0 to 64 newfstatat(AT_FDCWD, "./615/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./615/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./615/bus") = 0 umount2("./615/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./615/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./615") = 0 mkdir("./616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6894 ./strace-static-x86_64: Process 6894 attached [pid 6894] set_robust_list(0x5555564f6760, 24) = 0 [pid 6894] chdir("./616") = 0 [pid 6894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6894] setpgid(0, 0) = 0 [pid 6894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6894] write(3, "1000", 4) = 4 [pid 6894] close(3) = 0 [pid 6894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6894] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6895 attached => {parent_tid=[6895]}, 88) = 6895 [pid 6895] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6894] rt_sigprocmask(SIG_SETMASK, [], [pid 6895] set_robust_list(0x7f6d468e79a0, 24 [pid 6894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6895] <... set_robust_list resumed>) = 0 [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] rt_sigprocmask(SIG_SETMASK, [], [pid 6894] <... futex resumed>) = 0 [pid 6895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6895] memfd_create("syzkaller", 0) = 3 [pid 6895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6895] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6895] close(3) = 0 [pid 6895] mkdir("./bus", 0777) = 0 [pid 6895] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6895] chdir("./bus") = 0 [pid 6895] ioctl(4, LOOP_CLR_FD) = 0 [pid 6895] close(4) = 0 [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6895] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6894] <... futex resumed>) = 0 [pid 6895] memfd_create("syzkaller", 0 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6895] <... memfd_create resumed>) = 4 [pid 6895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6895] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6895] munmap(0x7f6d360cf000, 32768) = 0 [pid 6895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6895] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6895] ioctl(5, LOOP_CLR_FD) = 0 [pid 6895] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6895] close(5) = 0 [pid 6895] close(4) = 0 [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = 0 [pid 6895] <... futex resumed>) = 1 [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6894] <... futex resumed>) = 0 [pid 6895] <... openat resumed>) = 4 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6895] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... write resumed>) = 12288 [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6895] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... mmap resumed>) = 0x20000000 [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] <... futex resumed>) = 1 [pid 6895] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [ 162.108675][ T6895] loop0: detected capacity change from 0 to 64 [pid 6895] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... futex resumed>) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6895] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6895] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6894] <... mmap resumed>) = 0x7f6d360b6000 [pid 6895] <... openat resumed>) = 6 [pid 6894] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6895] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6895] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] <... clone3 resumed> => {parent_tid=[6896]}, 88) = 6896 [pid 6894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6896 attached [pid 6896] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6896] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6894] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6894] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6896] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6896] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6896] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] exit_group(0 [pid 6895] <... futex resumed>) = ? [pid 6896] <... futex resumed>) = ? [pid 6894] <... exit_group resumed>) = ? [pid 6896] +++ exited with 0 +++ [pid 6895] +++ exited with 0 +++ [pid 6894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6894, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./616", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./616/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./616/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./616/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./616/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./616/bus") = 0 umount2("./616/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./616/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./616") = 0 mkdir("./617", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6897 attached , child_tidptr=0x5555564f6750) = 6897 [pid 6897] set_robust_list(0x5555564f6760, 24) = 0 [pid 6897] chdir("./617") = 0 [pid 6897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6897] setpgid(0, 0) = 0 [pid 6897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6897] write(3, "1000", 4) = 4 [pid 6897] close(3) = 0 [pid 6897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6897] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6897] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6898 attached => {parent_tid=[6898]}, 88) = 6898 [pid 6898] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6898] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], [pid 6898] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6898] memfd_create("syzkaller", 0) = 3 [pid 6898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6898] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6898] close(3) = 0 [pid 6898] mkdir("./bus", 0777) = 0 [pid 6898] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6898] chdir("./bus") = 0 [pid 6898] ioctl(4, LOOP_CLR_FD) = 0 [pid 6898] close(4) = 0 [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6898] memfd_create("syzkaller", 0 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6898] <... memfd_create resumed>) = 4 [pid 6898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6898] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6898] munmap(0x7f6d360cf000, 32768) = 0 [pid 6898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6898] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6898] ioctl(5, LOOP_CLR_FD) = 0 [pid 6898] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6898] close(5) = 0 [pid 6898] close(4) = 0 [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... openat resumed>) = 4 [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = 1 [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6897] <... futex resumed>) = 0 [pid 6898] <... write resumed>) = 12288 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = 1 [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6897] <... futex resumed>) = 0 [pid 6898] <... mmap resumed>) = 0x20000000 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = 1 [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 162.232065][ T6898] loop0: detected capacity change from 0 to 64 [pid 6897] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6898] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = 1 [pid 6897] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6897] <... futex resumed>) = 0 [pid 6898] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6897] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] <... openat resumed>) = 6 [pid 6897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6898] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] <... mmap resumed>) = 0x7f6d360b6000 [pid 6898] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6899 attached [pid 6899] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6897] <... clone3 resumed> => {parent_tid=[6899]}, 88) = 6899 [pid 6899] <... rseq resumed>) = 0 [pid 6899] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] rt_sigprocmask(SIG_SETMASK, [], [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6897] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6897] <... futex resumed>) = 0 [pid 6899] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6897] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] exit_group(0 [pid 6899] <... futex resumed>) = ? [pid 6898] <... futex resumed>) = ? [pid 6897] <... exit_group resumed>) = ? [pid 6899] +++ exited with 0 +++ [pid 6898] +++ exited with 0 +++ [pid 6897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6897, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./617", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./617/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./617/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./617/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./617/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./617/bus") = 0 umount2("./617/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./617/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./617") = 0 mkdir("./618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6900 attached , child_tidptr=0x5555564f6750) = 6900 [pid 6900] set_robust_list(0x5555564f6760, 24) = 0 [pid 6900] chdir("./618") = 0 [pid 6900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6900] setpgid(0, 0) = 0 [pid 6900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6900] write(3, "1000", 4) = 4 [pid 6900] close(3) = 0 [pid 6900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6900] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6901 attached => {parent_tid=[6901]}, 88) = 6901 [pid 6900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6901] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6901] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6901] memfd_create("syzkaller", 0) = 3 [pid 6901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6901] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6901] close(3) = 0 [pid 6901] mkdir("./bus", 0777) = 0 [pid 6901] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6901] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6901] chdir("./bus") = 0 [pid 6901] ioctl(4, LOOP_CLR_FD) = 0 [pid 6901] close(4) = 0 [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6901] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6901] memfd_create("syzkaller", 0 [pid 6900] <... futex resumed>) = 0 [pid 6901] <... memfd_create resumed>) = 4 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6901] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6901] munmap(0x7f6d360cf000, 32768) = 0 [pid 6901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6901] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6901] ioctl(5, LOOP_CLR_FD) = 0 [pid 6901] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6901] close(5) = 0 [pid 6901] close(4) = 0 [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6901] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6900] <... futex resumed>) = 0 [pid 6901] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6901] <... openat resumed>) = 4 [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6901] <... futex resumed>) = 1 [pid 6901] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6901] <... futex resumed>) = 1 [pid 6901] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... futex resumed>) = 0 [pid 6901] <... futex resumed>) = 1 [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6900] <... futex resumed>) = 0 [pid 6901] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6900] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6901] <... openat resumed>) = 5 [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] <... futex resumed>) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6901] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6901] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6900] <... mmap resumed>) = 0x7f6d360b6000 [pid 6900] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6900] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6901] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6901] <... futex resumed>) = 0 [pid 6900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6901] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6902 attached [pid 6902] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6902] set_robust_list(0x7f6d360d69a0, 24 [pid 6900] <... clone3 resumed> => {parent_tid=[6902]}, 88) = 6902 [pid 6902] <... set_robust_list resumed>) = 0 [pid 6902] rt_sigprocmask(SIG_SETMASK, [], [pid 6900] rt_sigprocmask(SIG_SETMASK, [], [pid 6902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6902] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6900] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6902] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6902] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6902] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] exit_group(0 [pid 6901] <... futex resumed>) = ? [pid 6902] <... futex resumed>) = ? [pid 6900] <... exit_group resumed>) = ? [pid 6901] +++ exited with 0 +++ [pid 6902] +++ exited with 0 +++ [pid 6900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6900, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./618", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./618/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./618/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./618/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./618/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.361225][ T6901] loop0: detected capacity change from 0 to 64 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./618/bus") = 0 umount2("./618/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./618/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./618") = 0 mkdir("./619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6903 ./strace-static-x86_64: Process 6903 attached [pid 6903] set_robust_list(0x5555564f6760, 24) = 0 [pid 6903] chdir("./619") = 0 [pid 6903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6903] setpgid(0, 0) = 0 [pid 6903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6903] write(3, "1000", 4) = 4 [pid 6903] close(3) = 0 [pid 6903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6903] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6903] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6904 attached [pid 6904] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6904] set_robust_list(0x7f6d468e79a0, 24 [pid 6903] <... clone3 resumed> => {parent_tid=[6904]}, 88) = 6904 [pid 6904] <... set_robust_list resumed>) = 0 [pid 6903] rt_sigprocmask(SIG_SETMASK, [], [pid 6904] rt_sigprocmask(SIG_SETMASK, [], [pid 6903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] memfd_create("syzkaller", 0) = 3 [pid 6903] <... futex resumed>) = 0 [pid 6904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6904] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 6904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6904] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6904] close(3) = 0 [pid 6904] mkdir("./bus", 0777) = 0 [pid 6904] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6904] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6904] chdir("./bus") = 0 [pid 6904] ioctl(4, LOOP_CLR_FD) = 0 [pid 6904] close(4) = 0 [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6904] memfd_create("syzkaller", 0 [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] <... memfd_create resumed>) = 4 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6904] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6904] munmap(0x7f6d360cf000, 32768) = 0 [pid 6904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6904] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6904] ioctl(5, LOOP_CLR_FD) = 0 [pid 6904] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6904] close(5) = 0 [pid 6904] close(4) = 0 [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6904] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6904] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6904] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6903] <... futex resumed>) = 0 [pid 6904] <... openat resumed>) = 5 [pid 6903] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6903] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6905]}, 88) = 6905 [pid 6903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6903] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] <... futex resumed>) = 1 [ 162.454672][ T6904] loop0: detected capacity change from 0 to 64 ./strace-static-x86_64: Process 6905 attached [pid 6904] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6904] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6905] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6904] <... openat resumed>) = 6 [pid 6905] <... rseq resumed>) = 0 [pid 6905] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6905] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6904] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6905] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] <... futex resumed>) = 0 [pid 6905] <... futex resumed>) = 1 [pid 6905] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6903] exit_group(0 [pid 6905] <... futex resumed>) = ? [pid 6903] <... exit_group resumed>) = ? [pid 6905] +++ exited with 0 +++ [pid 6904] <... futex resumed>) = ? [pid 6904] +++ exited with 0 +++ [pid 6903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6903, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./619", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./619/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./619/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./619/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./619/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./619/bus") = 0 umount2("./619/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./619/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./619") = 0 mkdir("./620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6906 attached , child_tidptr=0x5555564f6750) = 6906 [pid 6906] set_robust_list(0x5555564f6760, 24) = 0 [pid 6906] chdir("./620") = 0 [pid 6906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6906] setpgid(0, 0) = 0 [pid 6906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6906] write(3, "1000", 4) = 4 [pid 6906] close(3) = 0 [pid 6906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6906] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6907]}, 88) = 6907 [pid 6906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6907 attached [pid 6907] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6907] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6907] memfd_create("syzkaller", 0) = 3 [pid 6907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6907] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6907] close(3) = 0 [pid 6907] mkdir("./bus", 0777) = 0 [pid 6907] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6907] chdir("./bus") = 0 [pid 6907] ioctl(4, LOOP_CLR_FD) = 0 [pid 6907] close(4) = 0 [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6906] <... futex resumed>) = 0 [pid 6907] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] <... futex resumed>) = 0 [pid 6907] memfd_create("syzkaller", 0 [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6907] <... memfd_create resumed>) = 4 [pid 6907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6907] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6907] munmap(0x7f6d360cf000, 32768) = 0 [pid 6907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6907] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6907] ioctl(5, LOOP_CLR_FD) = 0 [pid 6907] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6907] close(5) = 0 [pid 6907] close(4) = 0 [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] <... futex resumed>) = 0 [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... futex resumed>) = 1 [pid 6907] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] <... futex resumed>) = 0 [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... futex resumed>) = 1 [pid 6907] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6906] <... futex resumed>) = 0 [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... futex resumed>) = 0 [pid 6906] <... futex resumed>) = 1 [pid 6907] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6906] <... futex resumed>) = 0 [pid 6907] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] <... futex resumed>) = 0 [pid 6907] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6906] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] <... futex resumed>) = 0 [pid 6906] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6906] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6908 attached [pid 6908] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6906] <... clone3 resumed> => {parent_tid=[6908]}, 88) = 6908 [pid 6908] set_robust_list(0x7f6d360d69a0, 24 [pid 6907] <... futex resumed>) = 1 [pid 6906] rt_sigprocmask(SIG_SETMASK, [], [pid 6908] <... set_robust_list resumed>) = 0 [pid 6908] rt_sigprocmask(SIG_SETMASK, [], [pid 6907] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6908] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6907] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6906] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] <... futex resumed>) = 0 [pid 6908] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6906] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6908] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6907] <... openat resumed>) = 6 [pid 6908] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6906] <... futex resumed>) = 0 [pid 6908] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6907] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6907] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6906] exit_group(0) = ? [pid 6908] <... futex resumed>) = ? [pid 6907] <... futex resumed>) = ? [pid 6908] +++ exited with 0 +++ [pid 6907] +++ exited with 0 +++ [pid 6906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6906, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./620", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.572225][ T6907] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./620/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./620/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./620/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./620/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./620/bus") = 0 umount2("./620/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./620/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./620") = 0 mkdir("./621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6909 attached , child_tidptr=0x5555564f6750) = 6909 [pid 6909] set_robust_list(0x5555564f6760, 24) = 0 [pid 6909] chdir("./621") = 0 [pid 6909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6909] setpgid(0, 0) = 0 [pid 6909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6909] write(3, "1000", 4) = 4 [pid 6909] close(3) = 0 [pid 6909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6909] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6910]}, 88) = 6910 [pid 6909] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6910 attached NULL, 8) = 0 [pid 6910] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] <... rseq resumed>) = 0 [pid 6910] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6910] rt_sigprocmask(SIG_SETMASK, [], [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6910] memfd_create("syzkaller", 0) = 3 [pid 6910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6910] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6910] close(3) = 0 [pid 6910] mkdir("./bus", 0777) = 0 [pid 6910] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6910] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6910] chdir("./bus") = 0 [pid 6910] ioctl(4, LOOP_CLR_FD) = 0 [pid 6910] close(4) = 0 [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6910] <... futex resumed>) = 1 [pid 6910] memfd_create("syzkaller", 0) = 4 [pid 6910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6910] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6910] munmap(0x7f6d360cf000, 32768) = 0 [pid 6910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6910] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6910] ioctl(5, LOOP_CLR_FD) = 0 [pid 6910] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6910] close(5) = 0 [pid 6910] close(4) = 0 [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] <... futex resumed>) = 1 [pid 6910] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] <... futex resumed>) = 1 [pid 6910] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] <... futex resumed>) = 1 [pid 6910] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6910] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6909] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6911 attached => {parent_tid=[6911]}, 88) = 6911 [pid 6909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6909] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] <... futex resumed>) = 1 [pid 6910] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6911] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6910] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6911] set_robust_list(0x7f6d360d69a0, 24 [pid 6910] <... openat resumed>) = 6 [pid 6911] <... set_robust_list resumed>) = 0 [pid 6911] rt_sigprocmask(SIG_SETMASK, [], [pid 6910] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6911] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6910] <... futex resumed>) = 0 [pid 6910] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6911] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6911] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = 0 [pid 6911] <... futex resumed>) = 1 [pid 6911] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6909] exit_group(0 [pid 6910] <... futex resumed>) = ? [pid 6909] <... exit_group resumed>) = ? [pid 6911] <... futex resumed>) = ? [pid 6911] +++ exited with 0 +++ [pid 6910] +++ exited with 0 +++ [pid 6909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6909, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./621", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./621/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./621/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./621/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./621/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./621/bus") = 0 umount2("./621/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./621/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./621") = 0 mkdir("./622", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6912 attached , child_tidptr=0x5555564f6750) = 6912 [pid 6912] set_robust_list(0x5555564f6760, 24) = 0 [pid 6912] chdir("./622") = 0 [ 162.672912][ T6910] loop0: detected capacity change from 0 to 64 [pid 6912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6912] setpgid(0, 0) = 0 [pid 6912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6912] write(3, "1000", 4) = 4 [pid 6912] close(3) = 0 [pid 6912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6912] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6912] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6913 attached => {parent_tid=[6913]}, 88) = 6913 [pid 6913] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6912] rt_sigprocmask(SIG_SETMASK, [], [pid 6913] <... rseq resumed>) = 0 [pid 6913] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6913] memfd_create("syzkaller", 0) = 3 [pid 6913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6913] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6913] close(3) = 0 [pid 6913] mkdir("./bus", 0777) = 0 [pid 6913] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6913] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6913] chdir("./bus") = 0 [pid 6913] ioctl(4, LOOP_CLR_FD) = 0 [pid 6913] close(4) = 0 [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6913] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6912] <... futex resumed>) = 0 [pid 6913] memfd_create("syzkaller", 0 [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6913] <... memfd_create resumed>) = 4 [pid 6913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6913] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6913] munmap(0x7f6d360cf000, 32768) = 0 [pid 6913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6913] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6913] ioctl(5, LOOP_CLR_FD) = 0 [pid 6913] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6913] close(5) = 0 [pid 6913] close(4) = 0 [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6913] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6912] <... futex resumed>) = 0 [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] <... openat resumed>) = 4 [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6913] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6912] <... futex resumed>) = 0 [pid 6913] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] <... write resumed>) = 12288 [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 1 [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6912] <... futex resumed>) = 0 [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] <... mmap resumed>) = 0x20000000 [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6913] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6912] <... futex resumed>) = 0 [pid 6913] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6912] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 1 [pid 6912] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6912] <... futex resumed>) = 0 [pid 6912] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6912] <... futex resumed>) = 0 [pid 6912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6912] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6914 attached [pid 6914] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6913] <... openat resumed>) = 6 [pid 6912] <... clone3 resumed> => {parent_tid=[6914]}, 88) = 6914 [pid 6914] <... rseq resumed>) = 0 [pid 6914] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6912] rt_sigprocmask(SIG_SETMASK, [], [pid 6913] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6913] <... futex resumed>) = 0 [pid 6914] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6912] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6912] <... futex resumed>) = 1 [pid 6914] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6912] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6914] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6914] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6914] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] exit_group(0 [pid 6914] <... futex resumed>) = ? [pid 6913] <... futex resumed>) = ? [pid 6912] <... exit_group resumed>) = ? [ 162.752920][ T6913] loop0: detected capacity change from 0 to 64 [pid 6913] +++ exited with 0 +++ [pid 6914] +++ exited with 0 +++ [pid 6912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6912, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./622", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./622/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./622/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./622/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./622/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./622/bus") = 0 umount2("./622/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./622/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./622") = 0 mkdir("./623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6915 attached , child_tidptr=0x5555564f6750) = 6915 [pid 6915] set_robust_list(0x5555564f6760, 24) = 0 [pid 6915] chdir("./623") = 0 [pid 6915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6915] setpgid(0, 0) = 0 [pid 6915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6915] write(3, "1000", 4) = 4 [pid 6915] close(3) = 0 [pid 6915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6915] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6915] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6916 attached [pid 6916] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6915] <... clone3 resumed> => {parent_tid=[6916]}, 88) = 6916 [pid 6916] <... rseq resumed>) = 0 [pid 6915] rt_sigprocmask(SIG_SETMASK, [], [pid 6916] set_robust_list(0x7f6d468e79a0, 24 [pid 6915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6916] <... set_robust_list resumed>) = 0 [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6915] <... futex resumed>) = 0 [pid 6916] memfd_create("syzkaller", 0 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6916] <... memfd_create resumed>) = 3 [pid 6916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6916] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6916] close(3) = 0 [pid 6916] mkdir("./bus", 0777) = 0 [pid 6916] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6916] chdir("./bus") = 0 [pid 6916] ioctl(4, LOOP_CLR_FD) = 0 [pid 6916] close(4) = 0 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... futex resumed>) = 0 [pid 6916] <... futex resumed>) = 1 [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] memfd_create("syzkaller", 0 [pid 6915] <... futex resumed>) = 0 [pid 6916] <... memfd_create resumed>) = 4 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6916] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6916] munmap(0x7f6d360cf000, 32768) = 0 [pid 6916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6916] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6916] ioctl(5, LOOP_CLR_FD) = 0 [pid 6916] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6916] close(5) = 0 [pid 6916] close(4) = 0 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... futex resumed>) = 0 [pid 6916] <... futex resumed>) = 1 [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6915] <... futex resumed>) = 0 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] <... openat resumed>) = 4 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... futex resumed>) = 0 [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] <... futex resumed>) = 1 [pid 6916] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6915] <... futex resumed>) = 0 [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6916] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] <... mmap resumed>) = 0x20000000 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6915] <... futex resumed>) = 0 [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6915] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6916] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6915] <... futex resumed>) = 0 [pid 6916] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6915] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... futex resumed>) = 0 [pid 6915] <... futex resumed>) = 1 [pid 6916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6915] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6915] <... futex resumed>) = 0 [pid 6915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6915] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6916] <... openat resumed>) = 6 [pid 6915] <... mprotect resumed>) = 0 [pid 6915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6917 attached => {parent_tid=[6917]}, 88) = 6917 [pid 6917] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6915] rt_sigprocmask(SIG_SETMASK, [], [pid 6917] <... rseq resumed>) = 0 [pid 6915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6917] set_robust_list(0x7f6d360d69a0, 24 [pid 6915] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... set_robust_list resumed>) = 0 [pid 6917] rt_sigprocmask(SIG_SETMASK, [], [pid 6915] <... futex resumed>) = 0 [pid 6917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6916] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6917] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6917] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... futex resumed>) = 0 [pid 6915] exit_group(0 [pid 6916] <... futex resumed>) = ? [pid 6915] <... exit_group resumed>) = ? [pid 6917] <... futex resumed>) = ? [pid 6917] +++ exited with 0 +++ [pid 6916] +++ exited with 0 +++ [pid 6915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6915, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./623", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./623/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./623/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./623/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./623/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./623/bus") = 0 umount2("./623/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./623/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./623") = 0 mkdir("./624", 0777) = 0 [ 162.839562][ T6916] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6918 attached , child_tidptr=0x5555564f6750) = 6918 [pid 6918] set_robust_list(0x5555564f6760, 24) = 0 [pid 6918] chdir("./624") = 0 [pid 6918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6918] setpgid(0, 0) = 0 [pid 6918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6918] write(3, "1000", 4) = 4 [pid 6918] close(3) = 0 [pid 6918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6918] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6919]}, 88) = 6919 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6919 attached [pid 6919] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6919] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6919] memfd_create("syzkaller", 0) = 3 [pid 6919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6919] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6919] close(3) = 0 [pid 6919] mkdir("./bus", 0777) = 0 [pid 6919] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6919] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6919] chdir("./bus") = 0 [pid 6919] ioctl(4, LOOP_CLR_FD) = 0 [pid 6919] close(4) = 0 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] memfd_create("syzkaller", 0 [pid 6918] <... futex resumed>) = 0 [pid 6919] <... memfd_create resumed>) = 4 [pid 6919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6919] <... mmap resumed>) = 0x7f6d360cf000 [pid 6919] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6919] munmap(0x7f6d360cf000, 32768) = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6919] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6919] ioctl(5, LOOP_CLR_FD) = 0 [pid 6919] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6919] close(5) = 0 [pid 6919] close(4) = 0 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6919] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6919] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6919] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6919] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6918] <... futex resumed>) = 0 [pid 6919] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6918] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... openat resumed>) = 5 [ 162.927946][ T6919] loop0: detected capacity change from 0 to 64 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6919] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] <... futex resumed>) = 0 [pid 6919] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6918] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6918] <... futex resumed>) = 0 [pid 6919] <... openat resumed>) = 6 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6919] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6918] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6919] <... futex resumed>) = 0 [pid 6919] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] <... mprotect resumed>) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6920 attached => {parent_tid=[6920]}, 88) = 6920 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6918] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6920] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6920] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6920] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6920] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6920] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] exit_group(0) = ? [pid 6920] <... futex resumed>) = ? [pid 6919] <... futex resumed>) = ? [pid 6920] +++ exited with 0 +++ [pid 6919] +++ exited with 0 +++ [pid 6918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6918, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./624", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./624/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./624/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./624/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./624/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./624/bus") = 0 umount2("./624/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./624/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./624") = 0 mkdir("./625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6921 attached [pid 6921] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6921 [pid 6921] chdir("./625") = 0 [pid 6921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6921] setpgid(0, 0) = 0 [pid 6921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6921] write(3, "1000", 4) = 4 [pid 6921] close(3) = 0 [pid 6921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6921] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6921] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6922 attached [pid 6922] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6922] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6922] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] <... clone3 resumed> => {parent_tid=[6922]}, 88) = 6922 [pid 6921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... futex resumed>) = 0 [pid 6921] <... futex resumed>) = 1 [pid 6922] memfd_create("syzkaller", 0) = 3 [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6922] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6922] close(3) = 0 [pid 6922] mkdir("./bus", 0777) = 0 [pid 6922] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6922] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6922] chdir("./bus") = 0 [pid 6922] ioctl(4, LOOP_CLR_FD) = 0 [pid 6922] close(4) = 0 [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6921] <... futex resumed>) = 0 [pid 6922] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6922] memfd_create("syzkaller", 0) = 4 [pid 6922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6922] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6922] munmap(0x7f6d360cf000, 32768) = 0 [pid 6922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6922] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6922] ioctl(5, LOOP_CLR_FD) = 0 [pid 6922] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6922] close(5) = 0 [pid 6922] close(4) = 0 [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6921] <... futex resumed>) = 0 [pid 6922] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6921] <... futex resumed>) = 0 [pid 6922] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6921] <... futex resumed>) = 0 [pid 6922] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] <... write resumed>) = 12288 [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6922] <... futex resumed>) = 1 [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6921] <... futex resumed>) = 0 [pid 6922] <... mmap resumed>) = 0x20000000 [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] <... futex resumed>) = 1 [pid 6921] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6922] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6921] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6921] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] <... futex resumed>) = 1 [pid 6921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6921] <... mmap resumed>) = 0x7f6d360b6000 [pid 6922] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6921] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6921] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6922] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6921] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6922] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6923]}, 88) = 6923 ./strace-static-x86_64: Process 6923 attached [pid 6923] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6921] rt_sigprocmask(SIG_SETMASK, [], [pid 6923] <... rseq resumed>) = 0 [pid 6921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6921] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6921] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6923] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6923] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6923] <... futex resumed>) = 1 [pid 6923] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] exit_group(0 [pid 6923] <... futex resumed>) = ? [pid 6921] <... exit_group resumed>) = ? [pid 6923] +++ exited with 0 +++ [pid 6922] <... futex resumed>) = ? [pid 6922] +++ exited with 0 +++ [ 163.050056][ T6922] loop0: detected capacity change from 0 to 64 [pid 6921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6921, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./625", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./625/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./625/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./625/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./625/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./625/bus") = 0 umount2("./625/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./625/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./625") = 0 mkdir("./626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6924 attached , child_tidptr=0x5555564f6750) = 6924 [pid 6924] set_robust_list(0x5555564f6760, 24) = 0 [pid 6924] chdir("./626") = 0 [pid 6924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6924] setpgid(0, 0) = 0 [pid 6924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6924] write(3, "1000", 4) = 4 [pid 6924] close(3) = 0 [pid 6924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6924] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6925 attached => {parent_tid=[6925]}, 88) = 6925 [pid 6924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6925] set_robust_list(0x7f6d468e79a0, 24 [pid 6924] <... futex resumed>) = 0 [pid 6925] <... set_robust_list resumed>) = 0 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6925] memfd_create("syzkaller", 0) = 3 [pid 6925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6925] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6925] close(3) = 0 [pid 6925] mkdir("./bus", 0777) = 0 [pid 6925] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6925] chdir("./bus") = 0 [pid 6925] ioctl(4, LOOP_CLR_FD) = 0 [pid 6925] close(4) = 0 [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6925] <... futex resumed>) = 1 [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] memfd_create("syzkaller", 0 [pid 6924] <... futex resumed>) = 0 [pid 6925] <... memfd_create resumed>) = 4 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6925] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6925] munmap(0x7f6d360cf000, 32768) = 0 [pid 6925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6925] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6925] ioctl(5, LOOP_CLR_FD) = 0 [pid 6925] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6925] close(5) = 0 [pid 6925] close(4) = 0 [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6925] <... futex resumed>) = 1 [pid 6925] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6925] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6924] <... futex resumed>) = 0 [pid 6925] <... openat resumed>) = 4 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] <... futex resumed>) = 1 [pid 6925] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] <... futex resumed>) = 1 [pid 6925] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] <... futex resumed>) = 1 [pid 6925] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6925] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6924] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] <... futex resumed>) = 1 [pid 6924] <... futex resumed>) = 0 [pid 6925] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6924] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6925] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6924] <... mmap resumed>) = 0x7f6d360b6000 [pid 6925] <... openat resumed>) = 6 [pid 6925] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6925] <... futex resumed>) = 0 [pid 6924] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6925] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6924] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6926 attached => {parent_tid=[6926]}, 88) = 6926 [pid 6926] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6924] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] <... rseq resumed>) = 0 [pid 6926] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6926] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6926] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6924] <... futex resumed>) = 0 [pid 6926] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6924] exit_group(0 [pid 6926] <... futex resumed>) = ? [pid 6924] <... exit_group resumed>) = ? [pid 6926] +++ exited with 0 +++ [pid 6925] <... futex resumed>) = ? [pid 6925] +++ exited with 0 +++ [pid 6924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6924, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./626", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 163.160144][ T6925] loop0: detected capacity change from 0 to 64 umount2("./626/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./626/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./626/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./626/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./626/bus") = 0 umount2("./626/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./626/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./626") = 0 mkdir("./627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6927 ./strace-static-x86_64: Process 6927 attached [pid 6927] set_robust_list(0x5555564f6760, 24) = 0 [pid 6927] chdir("./627") = 0 [pid 6927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6927] setpgid(0, 0) = 0 [pid 6927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6927] write(3, "1000", 4) = 4 [pid 6927] close(3) = 0 [pid 6927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6927] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6928 attached => {parent_tid=[6928]}, 88) = 6928 [pid 6928] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], [pid 6928] <... rseq resumed>) = 0 [pid 6927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6928] set_robust_list(0x7f6d468e79a0, 24 [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... set_robust_list resumed>) = 0 [pid 6927] <... futex resumed>) = 0 [pid 6928] rt_sigprocmask(SIG_SETMASK, [], [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6928] memfd_create("syzkaller", 0) = 3 [pid 6928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6928] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6928] close(3) = 0 [pid 6928] mkdir("./bus", 0777) = 0 [pid 6928] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6928] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6928] chdir("./bus") = 0 [pid 6928] ioctl(4, LOOP_CLR_FD) = 0 [pid 6928] close(4) = 0 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6927] <... futex resumed>) = 0 [pid 6928] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6927] <... futex resumed>) = 0 [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6928] memfd_create("syzkaller", 0) = 4 [pid 6928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6928] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6928] munmap(0x7f6d360cf000, 32768) = 0 [pid 6928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6928] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6928] ioctl(5, LOOP_CLR_FD) = 0 [pid 6928] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6928] close(5) = 0 [pid 6928] close(4) = 0 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6927] <... futex resumed>) = 0 [pid 6928] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6927] <... futex resumed>) = 0 [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6928] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6927] <... futex resumed>) = 0 [pid 6928] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6927] <... futex resumed>) = 0 [pid 6928] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6928] <... write resumed>) = 12288 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 0 [pid 6928] <... futex resumed>) = 1 [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6928] <... mmap resumed>) = 0x20000000 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 0 [pid 6928] <... futex resumed>) = 1 [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6927] <... futex resumed>) = 0 [pid 6927] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6928] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 0 [pid 6928] <... futex resumed>) = 1 [pid 6927] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6928] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6927] <... mmap resumed>) = 0x7f6d360b6000 [pid 6927] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6928] <... openat resumed>) = 6 [pid 6927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6928] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] <... clone3 resumed> => {parent_tid=[6929]}, 88) = 6929 ./strace-static-x86_64: Process 6929 attached [ 163.259897][ T6928] loop0: detected capacity change from 0 to 64 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6927] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6929] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6929] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6927] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6929] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6929] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6927] <... futex resumed>) = 0 [pid 6929] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] exit_group(0 [pid 6929] <... futex resumed>) = ? [pid 6928] <... futex resumed>) = ? [pid 6927] <... exit_group resumed>) = ? [pid 6929] +++ exited with 0 +++ [pid 6928] +++ exited with 0 +++ [pid 6927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6927, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./627", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./627/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./627/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./627/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./627/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./627/bus") = 0 umount2("./627/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./627/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./627") = 0 mkdir("./628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6930 ./strace-static-x86_64: Process 6930 attached [pid 6930] set_robust_list(0x5555564f6760, 24) = 0 [pid 6930] chdir("./628") = 0 [pid 6930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6930] setpgid(0, 0) = 0 [pid 6930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6930] write(3, "1000", 4) = 4 [pid 6930] close(3) = 0 [pid 6930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6930] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6931 attached [pid 6931] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6930] <... clone3 resumed> => {parent_tid=[6931]}, 88) = 6931 [pid 6930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... rseq resumed>) = 0 [pid 6931] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6930] <... futex resumed>) = 0 [pid 6931] rt_sigprocmask(SIG_SETMASK, [], [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6931] memfd_create("syzkaller", 0) = 3 [pid 6931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6931] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6931] close(3) = 0 [pid 6931] mkdir("./bus", 0777) = 0 [pid 6931] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6931] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6931] chdir("./bus") = 0 [pid 6931] ioctl(4, LOOP_CLR_FD) = 0 [pid 6931] close(4) = 0 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6931] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6931] memfd_create("syzkaller", 0) = 4 [pid 6931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6931] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6931] munmap(0x7f6d360cf000, 32768) = 0 [pid 6931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6931] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6931] ioctl(5, LOOP_CLR_FD) = 0 [pid 6931] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6931] close(5) = 0 [pid 6931] close(4) = 0 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6931] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6931] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6931] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6931] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6931] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6931] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6930] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6930] <... futex resumed>) = 0 [pid 6931] <... openat resumed>) = 6 [pid 6930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6930] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6931] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6932 attached [pid 6931] <... futex resumed>) = 0 [pid 6931] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] <... clone3 resumed> => {parent_tid=[6932]}, 88) = 6932 [pid 6930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6930] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6932] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6932] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6932] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6932] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] <... futex resumed>) = 0 [pid 6932] <... futex resumed>) = 1 [pid 6930] exit_group(0 [pid 6932] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] <... exit_group resumed>) = ? [pid 6932] +++ exited with 0 +++ [pid 6931] <... futex resumed>) = ? [pid 6931] +++ exited with 0 +++ [pid 6930] +++ exited with 0 +++ [ 163.381524][ T6931] loop0: detected capacity change from 0 to 64 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6930, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./628", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./628/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./628/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./628/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./628/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./628/bus") = 0 umount2("./628/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./628/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./628") = 0 mkdir("./629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6933 attached , child_tidptr=0x5555564f6750) = 6933 [pid 6933] set_robust_list(0x5555564f6760, 24) = 0 [pid 6933] chdir("./629") = 0 [pid 6933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6933] setpgid(0, 0) = 0 [pid 6933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6933] write(3, "1000", 4) = 4 [pid 6933] close(3) = 0 [pid 6933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6933] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6934 attached [pid 6934] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6934] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6934] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] <... clone3 resumed> => {parent_tid=[6934]}, 88) = 6934 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 1 [pid 6934] memfd_create("syzkaller", 0 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] <... memfd_create resumed>) = 3 [pid 6934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6934] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6934] close(3) = 0 [pid 6934] mkdir("./bus", 0777) = 0 [pid 6934] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6934] chdir("./bus") = 0 [pid 6934] ioctl(4, LOOP_CLR_FD) = 0 [pid 6934] close(4) = 0 [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6934] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 1 [pid 6934] memfd_create("syzkaller", 0 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] <... memfd_create resumed>) = 4 [pid 6934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6934] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6934] munmap(0x7f6d360cf000, 32768) = 0 [pid 6934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6934] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6934] ioctl(5, LOOP_CLR_FD) = 0 [pid 6934] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6934] close(5) = 0 [pid 6934] close(4) = 0 [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6934] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6933] <... futex resumed>) = 0 [pid 6934] <... openat resumed>) = 4 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6934] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6933] <... futex resumed>) = 0 [pid 6934] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6933] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... openat resumed>) = 5 [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6934] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6934] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6933] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6934] <... openat resumed>) = 6 [pid 6933] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6934] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6934] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6935 attached [pid 6934] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6933] <... clone3 resumed> => {parent_tid=[6935]}, 88) = 6935 [pid 6935] <... rseq resumed>) = 0 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], [pid 6935] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6935] rt_sigprocmask(SIG_SETMASK, [], [pid 6933] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6935] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6933] <... futex resumed>) = 0 [ 163.495038][ T6934] loop0: detected capacity change from 0 to 64 [pid 6933] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6935] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6935] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6933] exit_group(0) = ? [pid 6934] <... futex resumed>) = ? [pid 6935] +++ exited with 0 +++ [pid 6934] +++ exited with 0 +++ [pid 6933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6933, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./629", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./629/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./629/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./629/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./629/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./629/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./629/bus") = 0 umount2("./629/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./629/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./629") = 0 mkdir("./630", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6936 attached , child_tidptr=0x5555564f6750) = 6936 [pid 6936] set_robust_list(0x5555564f6760, 24) = 0 [pid 6936] chdir("./630") = 0 [pid 6936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6936] setpgid(0, 0) = 0 [pid 6936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6936] write(3, "1000", 4) = 4 [pid 6936] close(3) = 0 [pid 6936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6936] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6936] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6936] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6937]}, 88) = 6937 ./strace-static-x86_64: Process 6937 attached [pid 6936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6937] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6937] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6937] memfd_create("syzkaller", 0) = 3 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6937] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6937] close(3) = 0 [pid 6937] mkdir("./bus", 0777) = 0 [pid 6937] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6937] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6937] chdir("./bus") = 0 [pid 6937] ioctl(4, LOOP_CLR_FD) = 0 [pid 6937] close(4) = 0 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6936] <... futex resumed>) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = 1 [pid 6937] memfd_create("syzkaller", 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6937] <... memfd_create resumed>) = 4 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6937] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6937] munmap(0x7f6d360cf000, 32768) = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6937] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6937] ioctl(5, LOOP_CLR_FD) = 0 [pid 6937] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6937] close(5) = 0 [pid 6937] close(4) = 0 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6936] <... futex resumed>) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6936] <... futex resumed>) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... futex resumed>) = 1 [pid 6937] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... futex resumed>) = 1 [pid 6937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6937] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = 0 [pid 6936] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6936] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6936] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6938 attached => {parent_tid=[6938]}, 88) = 6938 [pid 6938] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6936] rt_sigprocmask(SIG_SETMASK, [], [pid 6938] <... rseq resumed>) = 0 [pid 6936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] set_robust_list(0x7f6d360d69a0, 24 [pid 6936] <... futex resumed>) = 0 [pid 6938] <... set_robust_list resumed>) = 0 [pid 6936] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] rt_sigprocmask(SIG_SETMASK, [], [pid 6937] <... futex resumed>) = 1 [pid 6938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6938] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6937] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6938] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6937] <... openat resumed>) = 6 [pid 6938] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... futex resumed>) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = 0 [pid 6938] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6937] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6936] exit_group(0) = ? [pid 6938] <... futex resumed>) = ? [pid 6937] <... futex resumed>) = ? [pid 6937] +++ exited with 0 +++ [pid 6938] +++ exited with 0 +++ [pid 6936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6936, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./630", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./630/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./630/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./630/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 163.603296][ T6937] loop0: detected capacity change from 0 to 64 umount2("./630/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./630/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./630/bus") = 0 umount2("./630/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./630/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./630") = 0 mkdir("./631", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6939 ./strace-static-x86_64: Process 6939 attached [pid 6939] set_robust_list(0x5555564f6760, 24) = 0 [pid 6939] chdir("./631") = 0 [pid 6939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6939] setpgid(0, 0) = 0 [pid 6939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6939] write(3, "1000", 4) = 4 [pid 6939] close(3) = 0 [pid 6939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6939] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6939] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6939] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6939] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6940 attached => {parent_tid=[6940]}, 88) = 6940 [pid 6939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6940] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6940] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6940] memfd_create("syzkaller", 0) = 3 [pid 6940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6940] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6940] close(3) = 0 [pid 6940] mkdir("./bus", 0777) = 0 [pid 6940] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6940] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6940] chdir("./bus") = 0 [pid 6940] ioctl(4, LOOP_CLR_FD) = 0 [pid 6940] close(4) = 0 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6939] <... futex resumed>) = 0 [pid 6940] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6939] <... futex resumed>) = 0 [pid 6940] memfd_create("syzkaller", 0 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6940] <... memfd_create resumed>) = 4 [pid 6940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6940] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6940] munmap(0x7f6d360cf000, 32768) = 0 [pid 6940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6940] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6940] ioctl(5, LOOP_CLR_FD) = 0 [pid 6940] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6940] close(5) = 0 [pid 6940] close(4) = 0 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6939] <... futex resumed>) = 0 [pid 6940] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6939] <... futex resumed>) = 0 [pid 6940] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6940] <... openat resumed>) = 4 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = 0 [pid 6940] <... futex resumed>) = 1 [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6939] <... futex resumed>) = 0 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6940] <... write resumed>) = 12288 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6939] <... futex resumed>) = 0 [pid 6940] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6940] <... mmap resumed>) = 0x20000000 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = 0 [pid 6940] <... futex resumed>) = 1 [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6939] <... futex resumed>) = 0 [pid 6940] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6939] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6940] <... openat resumed>) = 5 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = 0 [pid 6940] <... futex resumed>) = 1 [pid 6939] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6939] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6939] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6939] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6940] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6939] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6940] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6941 attached [pid 6941] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6941] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6941] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6940] <... openat resumed>) = 6 [pid 6940] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... clone3 resumed> => {parent_tid=[6941]}, 88) = 6941 [pid 6939] rt_sigprocmask(SIG_SETMASK, [], [pid 6940] <... futex resumed>) = 0 [pid 6939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6939] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6939] <... futex resumed>) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6939] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6941] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6941] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6939] <... futex resumed>) = 0 [pid 6939] exit_group(0 [pid 6940] <... futex resumed>) = ? [pid 6939] <... exit_group resumed>) = ? [pid 6940] +++ exited with 0 +++ [pid 6941] +++ exited with 0 +++ [pid 6939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6939, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 163.695860][ T6940] loop0: detected capacity change from 0 to 64 umount2("./631", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./631/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./631/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./631/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./631/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./631/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./631/bus") = 0 umount2("./631/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./631/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./631") = 0 mkdir("./632", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6942 attached , child_tidptr=0x5555564f6750) = 6942 [pid 6942] set_robust_list(0x5555564f6760, 24) = 0 [pid 6942] chdir("./632") = 0 [pid 6942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6942] setpgid(0, 0) = 0 [pid 6942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6942] write(3, "1000", 4) = 4 [pid 6942] close(3) = 0 [pid 6942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6942] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6942] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6943 attached [pid 6943] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6942] <... clone3 resumed> => {parent_tid=[6943]}, 88) = 6943 [pid 6943] <... rseq resumed>) = 0 [pid 6942] rt_sigprocmask(SIG_SETMASK, [], [pid 6943] set_robust_list(0x7f6d468e79a0, 24 [pid 6942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6943] <... set_robust_list resumed>) = 0 [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] rt_sigprocmask(SIG_SETMASK, [], [pid 6942] <... futex resumed>) = 0 [pid 6943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6943] memfd_create("syzkaller", 0) = 3 [pid 6943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6943] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6943] close(3) = 0 [pid 6943] mkdir("./bus", 0777) = 0 [pid 6943] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6943] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6943] chdir("./bus") = 0 [pid 6943] ioctl(4, LOOP_CLR_FD) = 0 [pid 6943] close(4) = 0 [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6942] <... futex resumed>) = 0 [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 0 [pid 6942] <... futex resumed>) = 1 [pid 6943] memfd_create("syzkaller", 0) = 4 [pid 6943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6943] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6943] munmap(0x7f6d360cf000, 32768) = 0 [pid 6943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6943] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6943] ioctl(5, LOOP_CLR_FD) = 0 [pid 6943] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6943] close(5) = 0 [pid 6943] close(4) = 0 [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6943] <... futex resumed>) = 0 [pid 6943] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6942] <... futex resumed>) = 0 [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 0 [pid 6943] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] <... futex resumed>) = 1 [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 0 [pid 6943] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] <... futex resumed>) = 1 [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 0 [pid 6943] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6943] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6942] <... futex resumed>) = 1 [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6943] <... futex resumed>) = 0 [pid 6942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6942] <... futex resumed>) = 0 [pid 6942] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6942] <... futex resumed>) = 0 [pid 6943] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6943] <... openat resumed>) = 6 [pid 6942] <... mmap resumed>) = 0x7f6d360b6000 [pid 6943] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6943] <... futex resumed>) = 0 [pid 6942] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6943] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6944 attached [pid 6944] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6942] <... clone3 resumed> => {parent_tid=[6944]}, 88) = 6944 [pid 6944] <... rseq resumed>) = 0 [pid 6944] set_robust_list(0x7f6d360d69a0, 24 [pid 6942] rt_sigprocmask(SIG_SETMASK, [], [pid 6944] <... set_robust_list resumed>) = 0 [pid 6942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6944] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6942] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] <... futex resumed>) = 0 [pid 6942] <... futex resumed>) = 1 [pid 6944] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6942] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6944] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6944] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] <... futex resumed>) = 0 [pid 6944] <... futex resumed>) = 1 [pid 6942] exit_group(0 [pid 6944] ???() = ? [pid 6943] <... futex resumed>) = ? [pid 6942] <... exit_group resumed>) = ? [pid 6944] +++ exited with 0 +++ [pid 6943] +++ exited with 0 +++ [pid 6942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6942, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./632", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 163.813812][ T6943] loop0: detected capacity change from 0 to 64 umount2("./632/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./632/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./632/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./632/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./632/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./632/bus") = 0 umount2("./632/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./632/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./632") = 0 mkdir("./633", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6945 attached , child_tidptr=0x5555564f6750) = 6945 [pid 6945] set_robust_list(0x5555564f6760, 24) = 0 [pid 6945] chdir("./633") = 0 [pid 6945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6945] setpgid(0, 0) = 0 [pid 6945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6945] write(3, "1000", 4) = 4 [pid 6945] close(3) = 0 [pid 6945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6945] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6945] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6946 attached [pid 6946] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6945] <... clone3 resumed> => {parent_tid=[6946]}, 88) = 6946 [pid 6946] <... rseq resumed>) = 0 [pid 6945] rt_sigprocmask(SIG_SETMASK, [], [pid 6946] set_robust_list(0x7f6d468e79a0, 24 [pid 6945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6946] <... set_robust_list resumed>) = 0 [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6945] <... futex resumed>) = 0 [pid 6946] memfd_create("syzkaller", 0 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6946] <... memfd_create resumed>) = 3 [pid 6946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6946] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6946] close(3) = 0 [pid 6946] mkdir("./bus", 0777) = 0 [pid 6946] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6946] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6946] chdir("./bus") = 0 [pid 6946] ioctl(4, LOOP_CLR_FD) = 0 [pid 6946] close(4) = 0 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6946] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6946] memfd_create("syzkaller", 0) = 4 [pid 6946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6946] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6946] munmap(0x7f6d360cf000, 32768) = 0 [pid 6946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6946] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6946] ioctl(5, LOOP_CLR_FD) = 0 [pid 6946] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6946] close(5) = 0 [pid 6946] close(4) = 0 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] <... futex resumed>) = 0 [ 163.902957][ T6946] loop0: detected capacity change from 0 to 64 [pid 6946] <... futex resumed>) = 1 [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6945] <... futex resumed>) = 0 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] <... openat resumed>) = 4 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6946] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6945] <... futex resumed>) = 0 [pid 6946] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] <... write resumed>) = 12288 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] <... futex resumed>) = 0 [pid 6946] <... futex resumed>) = 1 [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6945] <... futex resumed>) = 0 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] <... mmap resumed>) = 0x20000000 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6946] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6946] <... futex resumed>) = 0 [pid 6945] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6946] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6946] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] <... futex resumed>) = 0 [pid 6945] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... futex resumed>) = 0 [pid 6945] <... futex resumed>) = 1 [pid 6946] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6945] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6946] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6946] <... openat resumed>) = 6 [pid 6945] <... mmap resumed>) = 0x7f6d360b6000 [pid 6946] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6946] <... futex resumed>) = 0 [pid 6946] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] <... mprotect resumed>) = 0 [pid 6945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6947 attached => {parent_tid=[6947]}, 88) = 6947 [pid 6945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6945] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6945] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6947] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6947] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6947] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6947] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6947] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] exit_group(0 [pid 6946] <... futex resumed>) = ? [pid 6946] +++ exited with 0 +++ [pid 6947] <... futex resumed>) = ? [pid 6945] <... exit_group resumed>) = ? [pid 6947] +++ exited with 0 +++ [pid 6945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6945, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./633", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./633/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./633/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./633/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./633/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./633/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./633/bus") = 0 umount2("./633/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./633/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./633") = 0 mkdir("./634", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6948 ./strace-static-x86_64: Process 6948 attached [pid 6948] set_robust_list(0x5555564f6760, 24) = 0 [pid 6948] chdir("./634") = 0 [pid 6948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6948] setpgid(0, 0) = 0 [pid 6948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6948] write(3, "1000", 4) = 4 [pid 6948] close(3) = 0 [pid 6948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6948] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6948] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6949 attached [pid 6949] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6948] <... clone3 resumed> => {parent_tid=[6949]}, 88) = 6949 [pid 6949] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6948] rt_sigprocmask(SIG_SETMASK, [], [pid 6949] rt_sigprocmask(SIG_SETMASK, [], [pid 6948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6949] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... futex resumed>) = 0 [pid 6948] <... futex resumed>) = 1 [pid 6949] memfd_create("syzkaller", 0 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6949] <... memfd_create resumed>) = 3 [pid 6949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6949] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6949] close(3) = 0 [pid 6949] mkdir("./bus", 0777) = 0 [pid 6949] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6949] chdir("./bus") = 0 [pid 6949] ioctl(4, LOOP_CLR_FD) = 0 [pid 6949] close(4) = 0 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6948] <... futex resumed>) = 0 [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6949] memfd_create("syzkaller", 0) = 4 [pid 6949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6949] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6949] munmap(0x7f6d360cf000, 32768) = 0 [pid 6949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6949] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6949] ioctl(5, LOOP_CLR_FD) = 0 [pid 6949] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6949] close(5) = 0 [pid 6949] close(4) = 0 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6948] <... futex resumed>) = 0 [pid 6949] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6948] <... futex resumed>) = 0 [pid 6949] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6949] <... openat resumed>) = 4 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6948] <... futex resumed>) = 0 [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6949] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6948] <... futex resumed>) = 0 [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6949] <... futex resumed>) = 1 [pid 6949] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6948] <... futex resumed>) = 0 [pid 6949] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... futex resumed>) = 0 [pid 6949] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6948] <... futex resumed>) = 1 [pid 6949] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6948] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6949] <... openat resumed>) = 5 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] <... futex resumed>) = 0 [pid 6948] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... futex resumed>) = 0 [pid 6948] <... futex resumed>) = 1 [pid 6949] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6948] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6948] <... futex resumed>) = 0 [pid 6949] <... openat resumed>) = 6 [pid 6948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6948] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6949] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6950 attached => {parent_tid=[6950]}, 88) = 6950 [pid 6950] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6948] rt_sigprocmask(SIG_SETMASK, [], [pid 6950] <... rseq resumed>) = 0 [pid 6948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6950] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6948] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6948] <... futex resumed>) = 0 [pid 6950] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6948] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6950] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6950] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6948] <... futex resumed>) = 0 [pid 6950] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] exit_group(0 [pid 6950] <... futex resumed>) = ? [pid 6950] +++ exited with 0 +++ [pid 6949] <... futex resumed>) = ? [pid 6948] <... exit_group resumed>) = ? [pid 6949] +++ exited with 0 +++ [pid 6948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6948, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./634", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./634/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 164.029857][ T6949] loop0: detected capacity change from 0 to 64 umount2("./634/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./634/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./634/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./634/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./634/bus") = 0 umount2("./634/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./634/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./634") = 0 mkdir("./635", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6951 attached , child_tidptr=0x5555564f6750) = 6951 [pid 6951] set_robust_list(0x5555564f6760, 24) = 0 [pid 6951] chdir("./635") = 0 [pid 6951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6951] setpgid(0, 0) = 0 [pid 6951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6951] write(3, "1000", 4) = 4 [pid 6951] close(3) = 0 [pid 6951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6951] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6951] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6951] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6952 attached [pid 6952] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6951] <... clone3 resumed> => {parent_tid=[6952]}, 88) = 6952 [pid 6952] <... rseq resumed>) = 0 [pid 6951] rt_sigprocmask(SIG_SETMASK, [], [pid 6952] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6952] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] <... futex resumed>) = 0 [pid 6952] memfd_create("syzkaller", 0 [pid 6951] <... futex resumed>) = 1 [pid 6952] <... memfd_create resumed>) = 3 [pid 6952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6952] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6952] close(3) = 0 [pid 6952] mkdir("./bus", 0777) = 0 [pid 6952] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6952] chdir("./bus") = 0 [pid 6952] ioctl(4, LOOP_CLR_FD) = 0 [pid 6952] close(4) = 0 [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6952] <... futex resumed>) = 1 [pid 6952] memfd_create("syzkaller", 0) = 4 [pid 6952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6952] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6952] munmap(0x7f6d360cf000, 32768) = 0 [pid 6952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6952] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6952] ioctl(5, LOOP_CLR_FD) = 0 [pid 6952] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6952] close(5) = 0 [pid 6952] close(4) = 0 [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6952] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] <... futex resumed>) = 0 [pid 6952] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] <... futex resumed>) = 1 [pid 6952] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] <... futex resumed>) = 1 [pid 6952] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6952] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6952] <... futex resumed>) = 1 [pid 6952] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6952] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6951] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6952] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] <... mprotect resumed>) = 0 [pid 6952] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6951] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6953 attached => {parent_tid=[6953]}, 88) = 6953 [pid 6951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6951] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6953] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6953] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] <... futex resumed>) = 0 [pid 6953] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6951] exit_group(0 [pid 6953] <... futex resumed>) = ? [pid 6952] <... futex resumed>) = ? [pid 6951] <... exit_group resumed>) = ? [pid 6953] +++ exited with 0 +++ [pid 6952] +++ exited with 0 +++ [pid 6951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6951, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./635", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./635/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./635/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./635/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 164.110501][ T6952] loop0: detected capacity change from 0 to 64 umount2("./635/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./635/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./635/bus") = 0 umount2("./635/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./635/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./635") = 0 mkdir("./636", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6954 attached , child_tidptr=0x5555564f6750) = 6954 [pid 6954] set_robust_list(0x5555564f6760, 24) = 0 [pid 6954] chdir("./636") = 0 [pid 6954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6954] setpgid(0, 0) = 0 [pid 6954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6954] write(3, "1000", 4) = 4 [pid 6954] close(3) = 0 [pid 6954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6954] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6955]}, 88) = 6955 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6955 attached [pid 6955] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6955] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6955] memfd_create("syzkaller", 0) = 3 [pid 6955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6955] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6955] close(3) = 0 [pid 6955] mkdir("./bus", 0777) = 0 [pid 6955] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6955] chdir("./bus") = 0 [pid 6955] ioctl(4, LOOP_CLR_FD) = 0 [pid 6955] close(4) = 0 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6955] memfd_create("syzkaller", 0 [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6955] <... memfd_create resumed>) = 4 [pid 6955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6955] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6955] munmap(0x7f6d360cf000, 32768) = 0 [pid 6955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6955] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6955] ioctl(5, LOOP_CLR_FD) = 0 [pid 6955] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6955] close(5) = 0 [pid 6955] close(4) = 0 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6955] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... openat resumed>) = 4 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6955] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... write resumed>) = 12288 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6955] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... mmap resumed>) = 0x20000000 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 6955] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6954] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6954] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6954] <... futex resumed>) = 0 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6955] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6954] <... mmap resumed>) = 0x7f6d360b6000 [pid 6954] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6956 attached [pid 6956] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6954] <... clone3 resumed> => {parent_tid=[6956]}, 88) = 6956 [pid 6956] <... rseq resumed>) = 0 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], [pid 6956] set_robust_list(0x7f6d360d69a0, 24 [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6956] <... set_robust_list resumed>) = 0 [pid 6954] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] rt_sigprocmask(SIG_SETMASK, [], [pid 6954] <... futex resumed>) = 0 [pid 6956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6955] <... openat resumed>) = 6 [pid 6954] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6956] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6955] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6956] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6956] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6956] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] exit_group(0 [pid 6955] <... futex resumed>) = ? [pid 6956] <... futex resumed>) = ? [pid 6956] +++ exited with 0 +++ [pid 6955] +++ exited with 0 +++ [pid 6954] <... exit_group resumed>) = ? [pid 6954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6954, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./636", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 164.203955][ T6955] loop0: detected capacity change from 0 to 64 umount2("./636/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./636/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./636/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./636/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./636/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./636/bus") = 0 umount2("./636/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./636/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./636") = 0 mkdir("./637", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6957 ./strace-static-x86_64: Process 6957 attached [pid 6957] set_robust_list(0x5555564f6760, 24) = 0 [pid 6957] chdir("./637") = 0 [pid 6957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6957] setpgid(0, 0) = 0 [pid 6957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6957] write(3, "1000", 4) = 4 [pid 6957] close(3) = 0 [pid 6957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6957] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6957] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6958]}, 88) = 6958 [pid 6957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6958 attached [pid 6958] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6958] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6958] memfd_create("syzkaller", 0) = 3 [pid 6958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6958] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6958] close(3) = 0 [pid 6958] mkdir("./bus", 0777) = 0 [pid 6958] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6958] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6958] chdir("./bus") = 0 [pid 6958] ioctl(4, LOOP_CLR_FD) = 0 [pid 6958] close(4) = 0 [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] <... futex resumed>) = 0 [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... futex resumed>) = 0 [pid 6957] <... futex resumed>) = 1 [pid 6958] memfd_create("syzkaller", 0) = 4 [pid 6958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6958] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6958] munmap(0x7f6d360cf000, 32768) = 0 [pid 6958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6958] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6958] ioctl(5, LOOP_CLR_FD) = 0 [pid 6958] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6958] close(5) = 0 [pid 6958] close(4) = 0 [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6957] <... futex resumed>) = 0 [pid 6958] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] <... openat resumed>) = 4 [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6957] <... futex resumed>) = 0 [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6957] <... futex resumed>) = 0 [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] <... write resumed>) = 12288 [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... futex resumed>) = 0 [pid 6958] <... futex resumed>) = 1 [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6957] <... futex resumed>) = 0 [pid 6958] <... mmap resumed>) = 0x20000000 [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6958] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6957] <... futex resumed>) = 0 [pid 6958] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6957] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] <... futex resumed>) = 0 [pid 6957] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... futex resumed>) = 0 [pid 6957] <... futex resumed>) = 1 [pid 6958] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6957] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6958] <... openat resumed>) = 6 [pid 6958] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6959 attached [pid 6959] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6957] <... clone3 resumed> => {parent_tid=[6959]}, 88) = 6959 [pid 6959] <... rseq resumed>) = 0 [pid 6957] rt_sigprocmask(SIG_SETMASK, [], [pid 6959] set_robust_list(0x7f6d360d69a0, 24 [pid 6957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6959] <... set_robust_list resumed>) = 0 [pid 6957] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] rt_sigprocmask(SIG_SETMASK, [], [pid 6957] <... futex resumed>) = 0 [pid 6959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6957] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6959] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6957] <... futex resumed>) = 0 [pid 6959] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] exit_group(0) = ? [pid 6959] <... futex resumed>) = ? [pid 6958] <... futex resumed>) = ? [pid 6959] +++ exited with 0 +++ [pid 6958] +++ exited with 0 +++ [pid 6957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6957, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./637", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./637/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 164.308232][ T6958] loop0: detected capacity change from 0 to 64 umount2("./637/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./637/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./637/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./637/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./637/bus") = 0 umount2("./637/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./637/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./637") = 0 mkdir("./638", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6960 ./strace-static-x86_64: Process 6960 attached [pid 6960] set_robust_list(0x5555564f6760, 24) = 0 [pid 6960] chdir("./638") = 0 [pid 6960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6960] setpgid(0, 0) = 0 [pid 6960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6960] write(3, "1000", 4) = 4 [pid 6960] close(3) = 0 [pid 6960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6960] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6960] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6961 attached => {parent_tid=[6961]}, 88) = 6961 [pid 6961] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6960] rt_sigprocmask(SIG_SETMASK, [], [pid 6961] set_robust_list(0x7f6d468e79a0, 24 [pid 6960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6961] <... set_robust_list resumed>) = 0 [pid 6961] rt_sigprocmask(SIG_SETMASK, [], [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6960] <... futex resumed>) = 0 [pid 6961] memfd_create("syzkaller", 0 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6961] <... memfd_create resumed>) = 3 [pid 6961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6961] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6961] close(3) = 0 [pid 6961] mkdir("./bus", 0777) = 0 [pid 6961] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6961] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6961] chdir("./bus") = 0 [pid 6961] ioctl(4, LOOP_CLR_FD) = 0 [pid 6961] close(4) = 0 [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... futex resumed>) = 0 [pid 6961] <... futex resumed>) = 1 [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] memfd_create("syzkaller", 0 [pid 6960] <... futex resumed>) = 0 [pid 6961] <... memfd_create resumed>) = 4 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6961] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6961] munmap(0x7f6d360cf000, 32768) = 0 [pid 6961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6961] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6961] ioctl(5, LOOP_CLR_FD) = 0 [pid 6961] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6961] close(5) = 0 [pid 6961] close(4) = 0 [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... futex resumed>) = 0 [pid 6961] <... futex resumed>) = 1 [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6960] <... futex resumed>) = 0 [pid 6961] <... openat resumed>) = 4 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... futex resumed>) = 0 [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] <... futex resumed>) = 1 [pid 6961] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... futex resumed>) = 0 [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] <... futex resumed>) = 1 [pid 6961] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... futex resumed>) = 0 [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6960] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] <... futex resumed>) = 1 [pid 6961] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6961] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... futex resumed>) = 0 [pid 6961] <... futex resumed>) = 1 [pid 6960] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6960] <... futex resumed>) = 0 [pid 6961] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6960] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] <... openat resumed>) = 6 [pid 6960] <... futex resumed>) = 0 [pid 6960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6960] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6961] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... mprotect resumed>) = 0 [pid 6961] <... futex resumed>) = 0 [pid 6961] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6962 attached [pid 6962] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6960] <... clone3 resumed> => {parent_tid=[6962]}, 88) = 6962 [pid 6962] <... rseq resumed>) = 0 [pid 6960] rt_sigprocmask(SIG_SETMASK, [], [pid 6962] set_robust_list(0x7f6d360d69a0, 24 [pid 6960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6962] <... set_robust_list resumed>) = 0 [pid 6960] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] rt_sigprocmask(SIG_SETMASK, [], [pid 6960] <... futex resumed>) = 0 [pid 6962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6960] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6962] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6962] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6960] <... futex resumed>) = 0 [pid 6962] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6960] exit_group(0 [pid 6962] <... futex resumed>) = ? [pid 6961] <... futex resumed>) = ? [pid 6962] +++ exited with 0 +++ [pid 6961] +++ exited with 0 +++ [pid 6960] <... exit_group resumed>) = ? [pid 6960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6960, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./638", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./638/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./638/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./638/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./638/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./638/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 164.388890][ T6961] loop0: detected capacity change from 0 to 64 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./638/bus") = 0 umount2("./638/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./638/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./638") = 0 mkdir("./639", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6963 attached , child_tidptr=0x5555564f6750) = 6963 [pid 6963] set_robust_list(0x5555564f6760, 24) = 0 [pid 6963] chdir("./639") = 0 [pid 6963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6963] setpgid(0, 0) = 0 [pid 6963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6963] write(3, "1000", 4) = 4 [pid 6963] close(3) = 0 [pid 6963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6963] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6963] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6964 attached [pid 6964] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6963] <... clone3 resumed> => {parent_tid=[6964]}, 88) = 6964 [pid 6964] <... rseq resumed>) = 0 [pid 6963] rt_sigprocmask(SIG_SETMASK, [], [pid 6964] set_robust_list(0x7f6d468e79a0, 24 [pid 6963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6964] <... set_robust_list resumed>) = 0 [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6963] <... futex resumed>) = 0 [pid 6964] memfd_create("syzkaller", 0 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6964] <... memfd_create resumed>) = 3 [pid 6964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6964] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6964] close(3) = 0 [pid 6964] mkdir("./bus", 0777) = 0 [pid 6964] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6964] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6964] chdir("./bus") = 0 [pid 6964] ioctl(4, LOOP_CLR_FD) = 0 [pid 6964] close(4) = 0 [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] <... futex resumed>) = 0 [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] <... futex resumed>) = 0 [pid 6963] <... futex resumed>) = 1 [pid 6964] memfd_create("syzkaller", 0 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6964] <... memfd_create resumed>) = 4 [pid 6964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6964] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6964] munmap(0x7f6d360cf000, 32768) = 0 [pid 6964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6964] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6964] ioctl(5, LOOP_CLR_FD) = 0 [pid 6964] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6964] close(5) = 0 [pid 6964] close(4) = 0 [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6963] <... futex resumed>) = 0 [pid 6964] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] <... futex resumed>) = 0 [pid 6964] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6964] <... openat resumed>) = 4 [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] <... futex resumed>) = 0 [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] <... futex resumed>) = 0 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6964] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = 0 [pid 6964] <... futex resumed>) = 1 [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6963] <... futex resumed>) = 0 [pid 6964] <... mmap resumed>) = 0x20000000 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = 0 [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6963] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6964] <... futex resumed>) = 1 [pid 6964] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6964] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = 0 [pid 6964] <... futex resumed>) = 1 [pid 6963] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6963] <... futex resumed>) = 0 [pid 6964] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6963] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] <... openat resumed>) = 6 [pid 6963] <... futex resumed>) = 0 [pid 6963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6963] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6964] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6965 attached => {parent_tid=[6965]}, 88) = 6965 [pid 6963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6963] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6963] <... futex resumed>) = 0 [pid 6963] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6965] <... rseq resumed>) = 0 [pid 6965] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6965] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6965] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = 0 [pid 6965] <... futex resumed>) = 1 [pid 6965] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] exit_group(0 [pid 6964] <... futex resumed>) = ? [pid 6965] <... futex resumed>) = ? [pid 6963] <... exit_group resumed>) = ? [pid 6965] +++ exited with 0 +++ [pid 6964] +++ exited with 0 +++ [pid 6963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6963, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./639", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 164.468588][ T6964] loop0: detected capacity change from 0 to 64 umount2("./639/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./639/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./639/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./639/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./639/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./639/bus") = 0 umount2("./639/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./639/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./639") = 0 mkdir("./640", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6966 attached , child_tidptr=0x5555564f6750) = 6966 [pid 6966] set_robust_list(0x5555564f6760, 24) = 0 [pid 6966] chdir("./640") = 0 [pid 6966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6966] setpgid(0, 0) = 0 [pid 6966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6966] write(3, "1000", 4) = 4 [pid 6966] close(3) = 0 [pid 6966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6966] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6967 attached => {parent_tid=[6967]}, 88) = 6967 [pid 6966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6967] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6967] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6967] memfd_create("syzkaller", 0) = 3 [pid 6967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6967] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6967] close(3) = 0 [pid 6967] mkdir("./bus", 0777) = 0 [pid 6967] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6967] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6967] chdir("./bus") = 0 [pid 6967] ioctl(4, LOOP_CLR_FD) = 0 [pid 6967] close(4) = 0 [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6967] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6967] <... futex resumed>) = 0 [pid 6967] memfd_create("syzkaller", 0) = 4 [pid 6967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6967] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6967] munmap(0x7f6d360cf000, 32768 [pid 6966] <... futex resumed>) = 1 [pid 6967] <... munmap resumed>) = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6967] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6967] ioctl(5, LOOP_CLR_FD) = 0 [pid 6967] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6967] close(5) = 0 [pid 6967] close(4) = 0 [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6967] <... futex resumed>) = 1 [pid 6967] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6967] <... futex resumed>) = 1 [pid 6967] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6967] <... futex resumed>) = 1 [pid 6967] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6967] <... futex resumed>) = 1 [pid 6967] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6967] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6966] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6967] <... futex resumed>) = 1 [pid 6966] <... mprotect resumed>) = 0 [pid 6967] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6966] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6967] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6966] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6967] <... openat resumed>) = 6 [pid 6966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 6967] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6967] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6968 attached [pid 6968] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6966] <... clone3 resumed> => {parent_tid=[6968]}, 88) = 6968 [pid 6968] <... rseq resumed>) = 0 [pid 6966] rt_sigprocmask(SIG_SETMASK, [], [pid 6968] set_robust_list(0x7f6d360d69a0, 24 [pid 6966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6968] <... set_robust_list resumed>) = 0 [pid 6966] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] rt_sigprocmask(SIG_SETMASK, [], [pid 6966] <... futex resumed>) = 0 [pid 6968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6966] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6968] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6968] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6968] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] exit_group(0 [pid 6968] <... futex resumed>) = ? [pid 6968] +++ exited with 0 +++ [pid 6967] <... futex resumed>) = ? [pid 6966] <... exit_group resumed>) = ? [pid 6967] +++ exited with 0 +++ [pid 6966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6966, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./640", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 164.575566][ T6967] loop0: detected capacity change from 0 to 64 umount2("./640/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./640/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./640/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./640/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./640/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./640/bus") = 0 umount2("./640/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./640/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./640") = 0 mkdir("./641", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6969 attached , child_tidptr=0x5555564f6750) = 6969 [pid 6969] set_robust_list(0x5555564f6760, 24) = 0 [pid 6969] chdir("./641") = 0 [pid 6969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6969] setpgid(0, 0) = 0 [pid 6969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6969] write(3, "1000", 4) = 4 [pid 6969] close(3) = 0 [pid 6969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6969] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6970 attached [pid 6970] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6969] <... clone3 resumed> => {parent_tid=[6970]}, 88) = 6970 [pid 6970] <... rseq resumed>) = 0 [pid 6969] rt_sigprocmask(SIG_SETMASK, [], [pid 6970] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6970] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] memfd_create("syzkaller", 0) = 3 [pid 6970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6970] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6970] close(3) = 0 [pid 6970] mkdir("./bus", 0777) = 0 [pid 6970] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6970] chdir("./bus") = 0 [pid 6970] ioctl(4, LOOP_CLR_FD) = 0 [pid 6970] close(4) = 0 [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] <... futex resumed>) = 0 [pid 6970] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6969] <... futex resumed>) = 0 [pid 6970] memfd_create("syzkaller", 0 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] <... memfd_create resumed>) = 4 [pid 6970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6970] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6970] munmap(0x7f6d360cf000, 32768) = 0 [pid 6970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6970] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6970] ioctl(5, LOOP_CLR_FD) = 0 [pid 6970] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6970] close(5) = 0 [pid 6970] close(4) = 0 [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 0 [pid 6970] <... futex resumed>) = 1 [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... openat resumed>) = 4 [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 0 [pid 6970] <... futex resumed>) = 1 [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... write resumed>) = 12288 [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] <... futex resumed>) = 0 [pid 6970] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... mmap resumed>) = 0x20000000 [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] <... futex resumed>) = 0 [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6969] <... futex resumed>) = 0 [pid 6970] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6969] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... openat resumed>) = 5 [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] <... futex resumed>) = 0 [pid 6970] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6969] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6969] <... futex resumed>) = 0 [pid 6969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6969] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] <... openat resumed>) = 6 [pid 6969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6970] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6970] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6971 attached [pid 6971] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6971] set_robust_list(0x7f6d360d69a0, 24 [pid 6969] <... clone3 resumed> => {parent_tid=[6971]}, 88) = 6971 [pid 6971] <... set_robust_list resumed>) = 0 [pid 6969] rt_sigprocmask(SIG_SETMASK, [], [pid 6971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6971] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6969] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = 0 [pid 6969] <... futex resumed>) = 1 [pid 6971] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6969] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6971] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6971] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6971] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] <... futex resumed>) = 0 [pid 6969] exit_group(0 [pid 6971] <... futex resumed>) = ? [pid 6970] <... futex resumed>) = ? [pid 6969] <... exit_group resumed>) = ? [pid 6971] +++ exited with 0 +++ [pid 6970] +++ exited with 0 +++ [pid 6969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6969, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./641", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 164.677913][ T6970] loop0: detected capacity change from 0 to 64 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./641/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./641/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./641/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./641/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./641/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./641/bus") = 0 umount2("./641/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./641/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./641") = 0 mkdir("./642", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6972 attached , child_tidptr=0x5555564f6750) = 6972 [pid 6972] set_robust_list(0x5555564f6760, 24) = 0 [pid 6972] chdir("./642") = 0 [pid 6972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6972] setpgid(0, 0) = 0 [pid 6972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6972] write(3, "1000", 4) = 4 [pid 6972] close(3) = 0 [pid 6972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6972] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6973 attached => {parent_tid=[6973]}, 88) = 6973 [pid 6973] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] set_robust_list(0x7f6d468e79a0, 24 [pid 6972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] <... set_robust_list resumed>) = 0 [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] <... futex resumed>) = 0 [pid 6973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] memfd_create("syzkaller", 0 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6973] <... memfd_create resumed>) = 3 [pid 6973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6973] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6973] close(3) = 0 [pid 6973] mkdir("./bus", 0777) = 0 [pid 6973] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6973] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6973] chdir("./bus") = 0 [pid 6973] ioctl(4, LOOP_CLR_FD) = 0 [pid 6973] close(4) = 0 [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6973] <... futex resumed>) = 1 [pid 6973] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6972] <... futex resumed>) = 0 [pid 6973] memfd_create("syzkaller", 0 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6973] <... memfd_create resumed>) = 4 [pid 6973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6973] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6973] munmap(0x7f6d360cf000, 32768) = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6973] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6973] ioctl(5, LOOP_CLR_FD) = 0 [pid 6973] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6973] close(5) = 0 [pid 6973] close(4) = 0 [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6973] <... futex resumed>) = 1 [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6972] <... futex resumed>) = 0 [pid 6973] <... openat resumed>) = 4 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6973] <... futex resumed>) = 0 [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6972] <... futex resumed>) = 0 [pid 6973] <... write resumed>) = 12288 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] <... futex resumed>) = 1 [pid 6973] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] <... futex resumed>) = 1 [pid 6973] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6973] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] <... futex resumed>) = 1 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6973] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6972] <... mmap resumed>) = 0x7f6d360b6000 [pid 6973] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6972] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6973] <... openat resumed>) = 6 [pid 6972] <... mprotect resumed>) = 0 [pid 6973] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6974 attached => {parent_tid=[6974]}, 88) = 6974 [pid 6974] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], [pid 6974] <... rseq resumed>) = 0 [pid 6974] set_robust_list(0x7f6d360d69a0, 24 [pid 6972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6974] <... set_robust_list resumed>) = 0 [pid 6972] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] <... futex resumed>) = 0 [pid 6974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6974] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6974] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] exit_group(0 [pid 6974] <... futex resumed>) = ? [pid 6974] +++ exited with 0 +++ [pid 6973] <... futex resumed>) = ? [pid 6972] <... exit_group resumed>) = ? [pid 6973] +++ exited with 0 +++ [pid 6972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6972, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./642", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./642/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./642/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./642/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 164.767707][ T6973] loop0: detected capacity change from 0 to 64 umount2("./642/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./642/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./642/bus") = 0 umount2("./642/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./642/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./642") = 0 mkdir("./643", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6975 attached , child_tidptr=0x5555564f6750) = 6975 [pid 6975] set_robust_list(0x5555564f6760, 24) = 0 [pid 6975] chdir("./643") = 0 [pid 6975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6975] setpgid(0, 0) = 0 [pid 6975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6975] write(3, "1000", 4) = 4 [pid 6975] close(3) = 0 [pid 6975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6975] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6975] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6975] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6976]}, 88) = 6976 [pid 6975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6976 attached [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6975] <... futex resumed>) = 0 [pid 6976] set_robust_list(0x7f6d468e79a0, 24 [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6976] <... set_robust_list resumed>) = 0 [pid 6976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6976] memfd_create("syzkaller", 0) = 3 [pid 6976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6976] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6976] close(3) = 0 [pid 6976] mkdir("./bus", 0777) = 0 [pid 6976] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6976] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6976] chdir("./bus") = 0 [pid 6976] ioctl(4, LOOP_CLR_FD) = 0 [pid 6976] close(4) = 0 [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] <... futex resumed>) = 0 [pid 6976] <... futex resumed>) = 1 [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] memfd_create("syzkaller", 0 [pid 6975] <... futex resumed>) = 0 [pid 6976] <... memfd_create resumed>) = 4 [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6976] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6976] munmap(0x7f6d360cf000, 32768) = 0 [pid 6976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6976] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6976] ioctl(5, LOOP_CLR_FD) = 0 [pid 6976] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6976] close(5) = 0 [pid 6976] close(4) = 0 [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6976] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] <... futex resumed>) = 0 [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6976] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6976] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6976] <... write resumed>) = 12288 [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] <... futex resumed>) = 0 [pid 6976] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... mmap resumed>) = 0x20000000 [pid 6975] <... futex resumed>) = 0 [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6976] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6976] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6975] <... futex resumed>) = 0 [pid 6976] <... openat resumed>) = 5 [pid 6975] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] <... futex resumed>) = 0 [pid 6975] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6975] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6975] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[6977]}, 88) = 6977 ./strace-static-x86_64: Process 6977 attached [pid 6975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6975] <... futex resumed>) = 0 [pid 6977] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6976] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6975] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6977] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6976] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6977] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6976] <... openat resumed>) = 6 [pid 6976] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6977] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6977] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] <... futex resumed>) = 0 [pid 6975] exit_group(0 [pid 6976] <... futex resumed>) = ? [pid 6975] <... exit_group resumed>) = ? [pid 6976] +++ exited with 0 +++ [pid 6977] <... futex resumed>) = ? [pid 6977] +++ exited with 0 +++ [pid 6975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6975, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./643", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./643/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./643/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./643/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./643/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./643/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./643/bus") = 0 umount2("./643/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 164.860636][ T6976] loop0: detected capacity change from 0 to 64 newfstatat(AT_FDCWD, "./643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./643/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./643") = 0 mkdir("./644", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6978 ./strace-static-x86_64: Process 6978 attached [pid 6978] set_robust_list(0x5555564f6760, 24) = 0 [pid 6978] chdir("./644") = 0 [pid 6978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6978] setpgid(0, 0) = 0 [pid 6978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6978] write(3, "1000", 4) = 4 [pid 6978] close(3) = 0 [pid 6978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6978] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6978] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6979]}, 88) = 6979 [pid 6978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6979 attached [pid 6979] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6979] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6979] memfd_create("syzkaller", 0) = 3 [pid 6979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6979] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6979] close(3) = 0 [pid 6979] mkdir("./bus", 0777) = 0 [pid 6979] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6979] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6979] chdir("./bus") = 0 [pid 6979] ioctl(4, LOOP_CLR_FD) = 0 [pid 6979] close(4) = 0 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] <... futex resumed>) = 0 [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... futex resumed>) = 0 [pid 6978] <... futex resumed>) = 1 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6979] memfd_create("syzkaller", 0) = 4 [pid 6979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6979] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6979] munmap(0x7f6d360cf000, 32768) = 0 [pid 6979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6979] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6979] ioctl(5, LOOP_CLR_FD) = 0 [pid 6979] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6979] close(5) = 0 [pid 6979] close(4) = 0 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] <... futex resumed>) = 0 [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... futex resumed>) = 0 [pid 6978] <... futex resumed>) = 1 [pid 6979] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... openat resumed>) = 4 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] <... futex resumed>) = 0 [pid 6979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6978] <... futex resumed>) = 0 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... write resumed>) = 12288 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6978] <... futex resumed>) = 0 [pid 6979] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... mmap resumed>) = 0x20000000 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6978] <... futex resumed>) = 0 [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6978] <... futex resumed>) = 0 [pid 6979] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 6978] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... openat resumed>) = 5 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6978] <... futex resumed>) = 0 [pid 6978] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6978] <... futex resumed>) = 0 [pid 6979] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6978] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... openat resumed>) = 6 [pid 6978] <... futex resumed>) = 0 [pid 6978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6979] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6979] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] <... mmap resumed>) = 0x7f6d360b6000 [pid 6978] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 164.942840][ T6979] loop0: detected capacity change from 0 to 64 [pid 6978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6980 attached => {parent_tid=[6980]}, 88) = 6980 [pid 6978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6978] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6980] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6980] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6980] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6980] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6980] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] <... futex resumed>) = 0 [pid 6978] exit_group(0 [pid 6980] <... futex resumed>) = ? [pid 6979] <... futex resumed>) = ? [pid 6980] +++ exited with 0 +++ [pid 6979] +++ exited with 0 +++ [pid 6978] <... exit_group resumed>) = ? [pid 6978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6978, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./644", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./644/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./644/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./644/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./644/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./644/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./644/bus") = 0 umount2("./644/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./644/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./644") = 0 mkdir("./645", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6981 attached , child_tidptr=0x5555564f6750) = 6981 [pid 6981] set_robust_list(0x5555564f6760, 24) = 0 [pid 6981] chdir("./645") = 0 [pid 6981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6981] setpgid(0, 0) = 0 [pid 6981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6981] write(3, "1000", 4) = 4 [pid 6981] close(3) = 0 [pid 6981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6981] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6981] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6981] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6982]}, 88) = 6982 [pid 6981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6982 attached [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6981] <... futex resumed>) = 0 [pid 6982] <... rseq resumed>) = 0 [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6982] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6982] memfd_create("syzkaller", 0) = 3 [pid 6982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6982] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6982] close(3) = 0 [pid 6982] mkdir("./bus", 0777) = 0 [pid 6982] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6982] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6982] chdir("./bus") = 0 [pid 6982] ioctl(4, LOOP_CLR_FD) = 0 [pid 6982] close(4) = 0 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] <... futex resumed>) = 0 [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6982] <... futex resumed>) = 1 [pid 6982] memfd_create("syzkaller", 0) = 4 [pid 6982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6982] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6982] munmap(0x7f6d360cf000, 32768) = 0 [pid 6982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6982] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6982] ioctl(5, LOOP_CLR_FD) = 0 [pid 6982] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6982] close(5) = 0 [pid 6982] close(4) = 0 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6982] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6981] <... futex resumed>) = 0 [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] <... futex resumed>) = 0 [pid 6981] <... futex resumed>) = 1 [pid 6982] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6982] <... openat resumed>) = 4 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6981] <... futex resumed>) = 0 [pid 6982] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6982] <... write resumed>) = 12288 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6981] <... futex resumed>) = 0 [pid 6982] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6982] <... mmap resumed>) = 0x20000000 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6981] <... futex resumed>) = 0 [pid 6982] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6981] <... futex resumed>) = 0 [pid 6982] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6981] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6982] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6981] <... futex resumed>) = 0 [pid 6982] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6981] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6981] <... futex resumed>) = 0 [pid 6982] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6982] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6981] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6981] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6982] <... openat resumed>) = 6 [pid 6982] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] <... mprotect resumed>) = 0 [pid 6982] <... futex resumed>) = 0 [pid 6982] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6983 attached [pid 6983] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6981] <... clone3 resumed> => {parent_tid=[6983]}, 88) = 6983 [pid 6983] <... rseq resumed>) = 0 [pid 6981] rt_sigprocmask(SIG_SETMASK, [], [pid 6983] set_robust_list(0x7f6d360d69a0, 24 [pid 6981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6983] <... set_robust_list resumed>) = 0 [pid 6981] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6981] <... futex resumed>) = 0 [pid 6983] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6981] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6983] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6983] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] <... futex resumed>) = 0 [pid 6983] <... futex resumed>) = 1 [pid 6981] exit_group(0 [pid 6982] <... futex resumed>) = ? [pid 6981] <... exit_group resumed>) = ? [pid 6983] +++ exited with 0 +++ [pid 6982] +++ exited with 0 +++ [pid 6981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6981, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./645", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 165.048710][ T6982] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./645/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./645/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./645/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./645/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./645/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./645/bus") = 0 umount2("./645/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./645/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./645") = 0 mkdir("./646", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6984 attached , child_tidptr=0x5555564f6750) = 6984 [pid 6984] set_robust_list(0x5555564f6760, 24) = 0 [pid 6984] chdir("./646") = 0 [pid 6984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6984] setpgid(0, 0) = 0 [pid 6984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6984] write(3, "1000", 4) = 4 [pid 6984] close(3) = 0 [pid 6984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6984] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6984] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6985 attached => {parent_tid=[6985]}, 88) = 6985 [pid 6985] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6984] rt_sigprocmask(SIG_SETMASK, [], [pid 6985] <... rseq resumed>) = 0 [pid 6984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6985] set_robust_list(0x7f6d468e79a0, 24 [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... set_robust_list resumed>) = 0 [pid 6984] <... futex resumed>) = 0 [pid 6985] rt_sigprocmask(SIG_SETMASK, [], [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6985] memfd_create("syzkaller", 0) = 3 [pid 6985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6985] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6985] close(3) = 0 [pid 6985] mkdir("./bus", 0777) = 0 [pid 6985] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6985] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6985] chdir("./bus") = 0 [pid 6985] ioctl(4, LOOP_CLR_FD) = 0 [pid 6985] close(4) = 0 [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6984] <... futex resumed>) = 0 [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] memfd_create("syzkaller", 0 [pid 6984] <... futex resumed>) = 0 [pid 6985] <... memfd_create resumed>) = 4 [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6985] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6985] munmap(0x7f6d360cf000, 32768) = 0 [pid 6985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6985] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6985] ioctl(5, LOOP_CLR_FD) = 0 [pid 6985] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6985] close(5) = 0 [pid 6985] close(4) = 0 [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6984] <... futex resumed>) = 0 [pid 6985] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... futex resumed>) = 0 [pid 6984] <... futex resumed>) = 1 [pid 6985] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6985] <... openat resumed>) = 4 [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6984] <... futex resumed>) = 0 [pid 6985] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6984] <... futex resumed>) = 0 [pid 6985] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6985] <... write resumed>) = 12288 [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6985] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] <... futex resumed>) = 0 [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... futex resumed>) = 0 [pid 6984] <... futex resumed>) = 1 [pid 6985] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6985] <... mmap resumed>) = 0x20000000 [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6984] <... futex resumed>) = 0 [pid 6985] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6984] <... futex resumed>) = 0 [pid 6984] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6985] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6985] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6984] <... futex resumed>) = 0 [ 165.155989][ T6985] loop0: detected capacity change from 0 to 64 [pid 6985] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6984] <... futex resumed>) = 0 [pid 6985] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6984] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6984] <... futex resumed>) = 0 [pid 6984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6984] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6985] <... openat resumed>) = 6 [pid 6984] <... mprotect resumed>) = 0 [pid 6984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6986 attached => {parent_tid=[6986]}, 88) = 6986 [pid 6986] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6984] rt_sigprocmask(SIG_SETMASK, [], [pid 6986] set_robust_list(0x7f6d360d69a0, 24 [pid 6984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6986] <... set_robust_list resumed>) = 0 [pid 6984] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6986] rt_sigprocmask(SIG_SETMASK, [], [pid 6984] <... futex resumed>) = 0 [pid 6986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6986] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6984] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6986] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6985] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6985] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6986] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6986] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] <... futex resumed>) = 0 [pid 6984] exit_group(0 [pid 6986] <... futex resumed>) = ? [pid 6985] <... futex resumed>) = ? [pid 6984] <... exit_group resumed>) = ? [pid 6986] +++ exited with 0 +++ [pid 6985] +++ exited with 0 +++ [pid 6984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6984, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./646", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./646/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./646/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./646/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./646/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./646/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./646/bus") = 0 umount2("./646/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./646/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./646") = 0 mkdir("./647", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6987 attached , child_tidptr=0x5555564f6750) = 6987 [pid 6987] set_robust_list(0x5555564f6760, 24) = 0 [pid 6987] chdir("./647") = 0 [pid 6987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6987] setpgid(0, 0) = 0 [pid 6987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6987] write(3, "1000", 4) = 4 [pid 6987] close(3) = 0 [pid 6987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6987] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6987] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6988 attached => {parent_tid=[6988]}, 88) = 6988 [pid 6988] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6987] rt_sigprocmask(SIG_SETMASK, [], [pid 6988] set_robust_list(0x7f6d468e79a0, 24 [pid 6987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6988] <... set_robust_list resumed>) = 0 [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] rt_sigprocmask(SIG_SETMASK, [], [pid 6987] <... futex resumed>) = 0 [pid 6988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6988] memfd_create("syzkaller", 0) = 3 [pid 6988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6988] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6988] close(3) = 0 [pid 6988] mkdir("./bus", 0777) = 0 [pid 6988] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6988] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6988] chdir("./bus") = 0 [pid 6988] ioctl(4, LOOP_CLR_FD) = 0 [pid 6988] close(4) = 0 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6987] <... futex resumed>) = 0 [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6988] <... futex resumed>) = 0 [pid 6988] memfd_create("syzkaller", 0) = 4 [pid 6988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6988] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6988] munmap(0x7f6d360cf000, 32768) = 0 [pid 6988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6988] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6988] ioctl(5, LOOP_CLR_FD) = 0 [pid 6988] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6988] close(5) = 0 [pid 6988] close(4) = 0 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6987] <... futex resumed>) = 0 [pid 6988] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6987] <... futex resumed>) = 0 [pid 6988] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... openat resumed>) = 4 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6987] <... futex resumed>) = 0 [pid 6988] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6987] <... futex resumed>) = 0 [pid 6988] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... write resumed>) = 12288 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] <... futex resumed>) = 0 [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... futex resumed>) = 1 [pid 6988] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] <... futex resumed>) = 0 [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... futex resumed>) = 1 [pid 6988] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6988] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] <... futex resumed>) = 0 [pid 6987] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6987] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6989 attached => {parent_tid=[6989]}, 88) = 6989 [pid 6987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6987] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6989] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 6989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6989] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6989] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] <... futex resumed>) = 0 [pid 6989] <... futex resumed>) = 1 [pid 6989] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] <... futex resumed>) = 1 [pid 6988] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6988] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6988] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6987] exit_group(0 [pid 6989] <... futex resumed>) = ? [pid 6987] <... exit_group resumed>) = ? [pid 6989] +++ exited with 0 +++ [pid 6988] <... futex resumed>) = ? [pid 6988] +++ exited with 0 +++ [pid 6987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6987, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./647", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./647/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 165.275547][ T6988] loop0: detected capacity change from 0 to 64 umount2("./647/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./647/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./647/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./647/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./647/bus") = 0 umount2("./647/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./647/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./647") = 0 mkdir("./648", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6990 attached , child_tidptr=0x5555564f6750) = 6990 [pid 6990] set_robust_list(0x5555564f6760, 24) = 0 [pid 6990] chdir("./648") = 0 [pid 6990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6990] setpgid(0, 0) = 0 [pid 6990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6990] write(3, "1000", 4) = 4 [pid 6990] close(3) = 0 [pid 6990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6990] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6990] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6990] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[6991]}, 88) = 6991 ./strace-static-x86_64: Process 6991 attached [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6991] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 6991] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6991] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6991] memfd_create("syzkaller", 0) = 3 [pid 6991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6991] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6991] close(3) = 0 [pid 6991] mkdir("./bus", 0777) = 0 [pid 6991] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6991] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6991] chdir("./bus") = 0 [pid 6991] ioctl(4, LOOP_CLR_FD) = 0 [pid 6991] close(4) = 0 [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6991] memfd_create("syzkaller", 0) = 4 [pid 6991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6991] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6991] munmap(0x7f6d360cf000, 32768) = 0 [pid 6991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6991] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6991] ioctl(5, LOOP_CLR_FD) = 0 [pid 6991] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6991] close(5) = 0 [pid 6991] close(4) = 0 [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6991] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6990] <... futex resumed>) = 0 [pid 6991] <... openat resumed>) = 4 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... futex resumed>) = 1 [pid 6991] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... futex resumed>) = 1 [pid 6991] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... futex resumed>) = 1 [pid 6991] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6991] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6991] <... futex resumed>) = 1 [pid 6990] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6990] <... futex resumed>) = 0 [pid 6991] <... openat resumed>) = 6 [pid 6990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6990] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6991] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... mprotect resumed>) = 0 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6992 attached => {parent_tid=[6992]}, 88) = 6992 [pid 6992] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6992] set_robust_list(0x7f6d360d69a0, 24 [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6992] <... set_robust_list resumed>) = 0 [pid 6990] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] rt_sigprocmask(SIG_SETMASK, [], [pid 6990] <... futex resumed>) = 0 [pid 6992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6992] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6990] exit_group(0 [pid 6991] <... futex resumed>) = ? [pid 6991] +++ exited with 0 +++ [pid 6990] <... exit_group resumed>) = ? [pid 6992] <... futex resumed>) = ? [pid 6992] +++ exited with 0 +++ [pid 6990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6990, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./648", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./648/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./648/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./648/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./648/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./648/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./648/bus") = 0 umount2("./648/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./648/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./648") = 0 mkdir("./649", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6993 attached [ 165.375433][ T6991] loop0: detected capacity change from 0 to 64 [pid 6993] set_robust_list(0x5555564f6760, 24) = 0 [pid 6993] chdir("./649") = 0 [pid 6993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6993] setpgid(0, 0) = 0 [pid 6993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6993] write(3, "1000", 4) = 4 [pid 6993] close(3) = 0 [pid 6993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6993] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6994 attached => {parent_tid=[6994]}, 88) = 6994 [pid 6994] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6993] rt_sigprocmask(SIG_SETMASK, [], [pid 6994] <... rseq resumed>) = 0 [pid 6994] set_robust_list(0x7f6d468e79a0, 24 [pid 6993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6994] <... set_robust_list resumed>) = 0 [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] rt_sigprocmask(SIG_SETMASK, [], [pid 6993] <... futex resumed>) = 0 [pid 6994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6994] memfd_create("syzkaller", 0) = 3 [pid 6994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6994] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6994] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 6993 [pid 6994] <... openat resumed>) = 4 [pid 6994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6994] close(3) = 0 [pid 6994] mkdir("./bus", 0777) = 0 [pid 6994] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6994] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6994] chdir("./bus") = 0 [pid 6994] ioctl(4, LOOP_CLR_FD) = 0 [pid 6994] close(4) = 0 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] memfd_create("syzkaller", 0) = 4 [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6994] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6994] munmap(0x7f6d360cf000, 32768) = 0 [pid 6994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6994] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6994] ioctl(5, LOOP_CLR_FD) = 0 [pid 6994] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6994] close(5) = 0 [pid 6994] close(4) = 0 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] <... futex resumed>) = 1 [pid 6993] <... futex resumed>) = 0 [pid 6994] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] <... openat resumed>) = 4 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] <... futex resumed>) = 1 [pid 6994] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] <... futex resumed>) = 1 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6994] <... futex resumed>) = 1 [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6993] <... futex resumed>) = 0 [pid 6993] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6994] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6993] <... futex resumed>) = 0 [pid 6994] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6993] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6993] <... futex resumed>) = 0 [pid 6994] <... openat resumed>) = 6 [pid 6993] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6994] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 6994] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6993] <... mprotect resumed>) = 0 [pid 6993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6995 attached => {parent_tid=[6995]}, 88) = 6995 [pid 6995] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 6993] rt_sigprocmask(SIG_SETMASK, [], [pid 6995] <... rseq resumed>) = 0 [pid 6993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6995] set_robust_list(0x7f6d360d69a0, 24 [pid 6993] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] <... set_robust_list resumed>) = 0 [pid 6995] rt_sigprocmask(SIG_SETMASK, [], [pid 6993] <... futex resumed>) = 0 [pid 6995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6993] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6995] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 6995] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6995] <... futex resumed>) = 1 [pid 6995] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6993] exit_group(0 [pid 6995] <... futex resumed>) = ? [pid 6994] <... futex resumed>) = ? [pid 6995] +++ exited with 0 +++ [pid 6994] +++ exited with 0 +++ [pid 6993] <... exit_group resumed>) = ? [pid 6993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6993, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./649", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./649/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./649/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./649/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./649/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./649/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./649/bus") = 0 [ 165.444943][ T6994] loop0: detected capacity change from 0 to 64 umount2("./649/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./649/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./649") = 0 mkdir("./650", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6996 attached , child_tidptr=0x5555564f6750) = 6996 [pid 6996] set_robust_list(0x5555564f6760, 24) = 0 [pid 6996] chdir("./650") = 0 [pid 6996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6996] setpgid(0, 0) = 0 [pid 6996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6996] write(3, "1000", 4) = 4 [pid 6996] close(3) = 0 [pid 6996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6996] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6996] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 6997 attached [pid 6997] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6996] <... clone3 resumed> => {parent_tid=[6997]}, 88) = 6997 [pid 6997] <... rseq resumed>) = 0 [pid 6996] rt_sigprocmask(SIG_SETMASK, [], [pid 6997] set_robust_list(0x7f6d468e79a0, 24 [pid 6996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6997] <... set_robust_list resumed>) = 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6996] <... futex resumed>) = 0 [pid 6997] memfd_create("syzkaller", 0 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6997] <... memfd_create resumed>) = 3 [pid 6997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 6997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6997] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 6997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6997] close(3) = 0 [pid 6997] mkdir("./bus", 0777) = 0 [pid 6997] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 6997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6997] chdir("./bus") = 0 [pid 6997] ioctl(4, LOOP_CLR_FD) = 0 [pid 6997] close(4) = 0 [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6997] <... futex resumed>) = 0 [pid 6997] memfd_create("syzkaller", 0) = 4 [pid 6997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 6997] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 6997] munmap(0x7f6d360cf000, 32768) = 0 [pid 6997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 6997] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6997] ioctl(5, LOOP_CLR_FD) = 0 [pid 6997] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 6997] close(5) = 0 [pid 6997] close(4) = 0 [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... futex resumed>) = 0 [pid 6996] <... futex resumed>) = 1 [pid 6997] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6996] <... futex resumed>) = 0 [pid 6997] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... mmap resumed>) = 0x20000000 [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 6997] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6996] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 6998 attached => {parent_tid=[6998]}, 88) = 6998 [pid 6997] <... futex resumed>) = 1 [pid 6997] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 6998] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6996] rt_sigprocmask(SIG_SETMASK, [], [pid 6998] set_robust_list(0x7f6d360d69a0, 24 [pid 6997] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6998] <... set_robust_list resumed>) = 0 [pid 6997] <... openat resumed>) = 6 [pid 6996] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6998] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6998] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 6998] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6996] <... futex resumed>) = 0 [pid 6998] <... futex resumed>) = 1 [pid 6996] exit_group(0 [pid 6998] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] <... exit_group resumed>) = ? [pid 6998] <... futex resumed>) = ? [pid 6998] +++ exited with 0 +++ [pid 6997] <... futex resumed>) = ? [pid 6997] +++ exited with 0 +++ [pid 6996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6996, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./650", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./650/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./650/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./650/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./650/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./650/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./650/bus") = 0 umount2("./650/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./650/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./650") = 0 [ 165.542218][ T6997] loop0: detected capacity change from 0 to 64 mkdir("./651", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 6999 ./strace-static-x86_64: Process 6999 attached [pid 6999] set_robust_list(0x5555564f6760, 24) = 0 [pid 6999] chdir("./651") = 0 [pid 6999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6999] setpgid(0, 0) = 0 [pid 6999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6999] write(3, "1000", 4) = 4 [pid 6999] close(3) = 0 [pid 6999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 6999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 6999] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7000 attached [pid 7000] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 6999] <... clone3 resumed> => {parent_tid=[7000]}, 88) = 7000 [pid 7000] <... rseq resumed>) = 0 [pid 6999] rt_sigprocmask(SIG_SETMASK, [], [pid 7000] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 6999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] memfd_create("syzkaller", 0 [pid 6999] <... futex resumed>) = 0 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7000] <... memfd_create resumed>) = 3 [pid 7000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7000] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7000] close(3) = 0 [pid 7000] mkdir("./bus", 0777) = 0 [pid 7000] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7000] chdir("./bus") = 0 [pid 7000] ioctl(4, LOOP_CLR_FD) = 0 [pid 7000] close(4) = 0 [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7000] <... futex resumed>) = 1 [pid 7000] memfd_create("syzkaller", 0) = 4 [pid 7000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7000] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7000] munmap(0x7f6d360cf000, 32768) = 0 [pid 7000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7000] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7000] ioctl(5, LOOP_CLR_FD) = 0 [pid 7000] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7000] close(5) = 0 [pid 7000] close(4) = 0 [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] <... futex resumed>) = 1 [pid 7000] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 7000] <... futex resumed>) = 1 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] <... write resumed>) = 12288 [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] <... futex resumed>) = 1 [pid 7000] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] <... futex resumed>) = 1 [pid 7000] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7000] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 6999] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 6999] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7000] <... futex resumed>) = 1 [pid 6999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7000] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7000] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 6999] <... clone3 resumed> => {parent_tid=[7001]}, 88) = 7001 [pid 6999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6999] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6999] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7001 attached [pid 7001] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7001] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7001] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7001] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... futex resumed>) = 0 [pid 6999] exit_group(0) = ? [pid 7000] <... futex resumed>) = ? [pid 7001] <... futex resumed>) = ? [pid 7000] +++ exited with 0 +++ [pid 7001] +++ exited with 0 +++ [pid 6999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6999, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./651", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 165.628102][ T7000] loop0: detected capacity change from 0 to 64 umount2("./651/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./651/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./651/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./651/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./651/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./651/bus") = 0 umount2("./651/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./651/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./651") = 0 mkdir("./652", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7002 attached , child_tidptr=0x5555564f6750) = 7002 [pid 7002] set_robust_list(0x5555564f6760, 24) = 0 [pid 7002] chdir("./652") = 0 [pid 7002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7002] setpgid(0, 0) = 0 [pid 7002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7002] write(3, "1000", 4) = 4 [pid 7002] close(3) = 0 [pid 7002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7002] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7002] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7002] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7003 attached => {parent_tid=[7003]}, 88) = 7003 [pid 7003] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7002] rt_sigprocmask(SIG_SETMASK, [], [pid 7003] set_robust_list(0x7f6d468e79a0, 24 [pid 7002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7003] <... set_robust_list resumed>) = 0 [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] rt_sigprocmask(SIG_SETMASK, [], [pid 7002] <... futex resumed>) = 0 [pid 7003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7003] memfd_create("syzkaller", 0 [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7003] <... memfd_create resumed>) = 3 [pid 7003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7003] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7003] close(3) = 0 [pid 7003] mkdir("./bus", 0777) = 0 [pid 7003] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7003] chdir("./bus") = 0 [pid 7003] ioctl(4, LOOP_CLR_FD) = 0 [pid 7003] close(4) = 0 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7003] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7003] <... futex resumed>) = 0 [pid 7003] memfd_create("syzkaller", 0) = 4 [pid 7003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7003] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7003] munmap(0x7f6d360cf000, 32768) = 0 [pid 7003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7003] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7003] ioctl(5, LOOP_CLR_FD) = 0 [pid 7003] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7003] close(5) = 0 [pid 7003] close(4) = 0 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7003] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7003] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] <... write resumed>) = 12288 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7003] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] <... futex resumed>) = 0 [pid 7002] <... futex resumed>) = 1 [pid 7002] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7003] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7003] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7003] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7002] <... futex resumed>) = 0 [pid 7002] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7002] <... futex resumed>) = 0 [pid 7002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7003] <... openat resumed>) = 6 [pid 7003] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7003] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7004 attached => {parent_tid=[7004]}, 88) = 7004 [pid 7002] rt_sigprocmask(SIG_SETMASK, [], [pid 7004] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7004] set_robust_list(0x7f6d360d69a0, 24 [pid 7002] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7004] <... set_robust_list resumed>) = 0 [pid 7002] <... futex resumed>) = 0 [pid 7002] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7004] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7004] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7002] <... futex resumed>) = 0 [pid 7004] <... futex resumed>) = 1 [pid 7002] exit_group(0 [pid 7004] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] <... exit_group resumed>) = ? [pid 7003] <... futex resumed>) = ? [pid 7004] <... futex resumed>) = ? [pid 7004] +++ exited with 0 +++ [pid 7003] +++ exited with 0 +++ [pid 7002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7002, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./652", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 165.713306][ T7003] loop0: detected capacity change from 0 to 64 umount2("./652/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./652/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./652/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./652/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./652/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./652/bus") = 0 umount2("./652/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./652/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./652") = 0 mkdir("./653", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7005 attached , child_tidptr=0x5555564f6750) = 7005 [pid 7005] set_robust_list(0x5555564f6760, 24) = 0 [pid 7005] chdir("./653") = 0 [pid 7005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7005] setpgid(0, 0) = 0 [pid 7005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7005] write(3, "1000", 4) = 4 [pid 7005] close(3) = 0 [pid 7005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7005] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7005] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7006 attached [pid 7006] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7006] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7006] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7005] <... clone3 resumed> => {parent_tid=[7006]}, 88) = 7006 [pid 7005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7006] memfd_create("syzkaller", 0) = 3 [pid 7006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7006] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7006] close(3) = 0 [pid 7006] mkdir("./bus", 0777) = 0 [pid 7006] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7006] chdir("./bus") = 0 [pid 7006] ioctl(4, LOOP_CLR_FD) = 0 [pid 7006] close(4) = 0 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7006] <... futex resumed>) = 1 [pid 7006] memfd_create("syzkaller", 0) = 4 [pid 7006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7006] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7006] munmap(0x7f6d360cf000, 32768) = 0 [pid 7006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7006] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7006] ioctl(5, LOOP_CLR_FD) = 0 [pid 7006] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7006] close(5) = 0 [pid 7006] close(4) = 0 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7006] <... futex resumed>) = 0 [pid 7005] <... futex resumed>) = 1 [pid 7006] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] <... openat resumed>) = 4 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7006] <... futex resumed>) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7006] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] <... write resumed>) = 12288 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7006] <... futex resumed>) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7006] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] <... mmap resumed>) = 0x20000000 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7006] <... futex resumed>) = 1 [pid 7006] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7006] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7005] <... futex resumed>) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7006] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7005] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7005] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7006] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7006] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7005] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7005] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7006] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[7007]}, 88) = 7007 [pid 7005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7005] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7007 attached [pid 7007] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7007] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7007] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7007] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7007] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7005] exit_group(0 [pid 7007] <... futex resumed>) = ? [pid 7005] <... exit_group resumed>) = ? [pid 7007] +++ exited with 0 +++ [pid 7006] <... futex resumed>) = ? [pid 7006] +++ exited with 0 +++ [pid 7005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7005, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./653", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./653/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./653/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./653/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./653/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./653/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./653/bus") = 0 umount2("./653/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 165.817011][ T7006] loop0: detected capacity change from 0 to 64 unlink("./653/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./653") = 0 mkdir("./654", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7008 attached , child_tidptr=0x5555564f6750) = 7008 [pid 7008] set_robust_list(0x5555564f6760, 24) = 0 [pid 7008] chdir("./654") = 0 [pid 7008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7008] setpgid(0, 0) = 0 [pid 7008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7008] write(3, "1000", 4) = 4 [pid 7008] close(3) = 0 [pid 7008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7008] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7009 attached [pid 7009] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7008] <... clone3 resumed> => {parent_tid=[7009]}, 88) = 7009 [pid 7009] <... rseq resumed>) = 0 [pid 7008] rt_sigprocmask(SIG_SETMASK, [], [pid 7009] set_robust_list(0x7f6d468e79a0, 24 [pid 7008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7009] <... set_robust_list resumed>) = 0 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7008] <... futex resumed>) = 0 [pid 7009] memfd_create("syzkaller", 0) = 3 [pid 7009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7009] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 7009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7009] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7009] close(3) = 0 [pid 7009] mkdir("./bus", 0777) = 0 [pid 7009] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7009] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7009] chdir("./bus") = 0 [pid 7009] ioctl(4, LOOP_CLR_FD) = 0 [pid 7009] close(4) = 0 [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7008] <... futex resumed>) = 0 [pid 7009] <... futex resumed>) = 1 [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] memfd_create("syzkaller", 0 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7009] <... memfd_create resumed>) = 4 [pid 7009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7009] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7009] munmap(0x7f6d360cf000, 32768) = 0 [pid 7009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7009] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7009] ioctl(5, LOOP_CLR_FD) = 0 [pid 7009] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7009] close(5) = 0 [pid 7009] close(4) = 0 [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7009] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7009] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7008] <... futex resumed>) = 0 [pid 7009] <... write resumed>) = 12288 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7009] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7009] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7009] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7009] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7009] <... openat resumed>) = 6 [pid 7009] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7008] <... mmap resumed>) = 0x7f6d360b6000 [pid 7009] <... futex resumed>) = 0 [pid 7008] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7009] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7008] <... mprotect resumed>) = 0 [pid 7008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 165.910997][ T7009] loop0: detected capacity change from 0 to 64 [pid 7008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7010 attached [pid 7010] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7008] <... clone3 resumed> => {parent_tid=[7010]}, 88) = 7010 [pid 7010] <... rseq resumed>) = 0 [pid 7008] rt_sigprocmask(SIG_SETMASK, [], [pid 7010] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7010] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7008] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] <... futex resumed>) = 0 [pid 7010] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7010] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7008] <... futex resumed>) = 0 [pid 7008] exit_group(0 [pid 7009] <... futex resumed>) = ? [pid 7008] <... exit_group resumed>) = ? [pid 7009] +++ exited with 0 +++ [pid 7010] <... futex resumed>) = ? [pid 7010] +++ exited with 0 +++ [pid 7008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7008, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./654", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./654/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./654/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./654/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./654/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./654/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./654/bus") = 0 umount2("./654/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./654/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./654") = 0 mkdir("./655", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7011 attached [pid 7011] set_robust_list(0x5555564f6760, 24) = 0 [pid 7011] chdir("./655") = 0 [pid 7011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7011] setpgid(0, 0) = 0 [pid 7011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7011] write(3, "1000", 4) = 4 [pid 7011] close(3) = 0 [pid 7011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7011 [pid 7011] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7011] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7011] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7012 attached => {parent_tid=[7012]}, 88) = 7012 [pid 7012] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7012] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] <... futex resumed>) = 0 [pid 7012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7012] memfd_create("syzkaller", 0) = 3 [pid 7012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7012] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7012] close(3) = 0 [pid 7012] mkdir("./bus", 0777) = 0 [pid 7012] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7012] chdir("./bus") = 0 [pid 7012] ioctl(4, LOOP_CLR_FD) = 0 [pid 7012] close(4) = 0 [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7011] <... futex resumed>) = 0 [pid 7012] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7012] memfd_create("syzkaller", 0) = 4 [pid 7012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7012] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 7011] <... futex resumed>) = 0 [pid 7012] <... write resumed>) = 32768 [pid 7012] munmap(0x7f6d360cf000, 32768 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7012] <... munmap resumed>) = 0 [pid 7012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7012] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7012] ioctl(5, LOOP_CLR_FD) = 0 [pid 7012] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7012] close(5) = 0 [pid 7012] close(4) = 0 [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] <... futex resumed>) = 1 [pid 7012] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] <... futex resumed>) = 1 [pid 7012] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] <... futex resumed>) = 1 [pid 7012] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7012] <... futex resumed>) = 1 [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7011] <... futex resumed>) = 0 [pid 7012] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7011] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] <... openat resumed>) = 5 [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7011] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7011] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7012] <... futex resumed>) = 1 [pid 7011] <... mmap resumed>) = 0x7f6d360b6000 [pid 7012] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7012] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7011] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7011] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7012] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7012] <... futex resumed>) = 0 [pid 7011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7012] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7013 attached [pid 7013] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7013] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7011] <... clone3 resumed> => {parent_tid=[7013]}, 88) = 7013 [pid 7013] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] rt_sigprocmask(SIG_SETMASK, [], [pid 7013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7013] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7011] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7011] <... futex resumed>) = 0 [pid 7013] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7011] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7013] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7013] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7013] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7011] <... futex resumed>) = 0 [pid 7011] exit_group(0 [pid 7012] <... futex resumed>) = ? [pid 7013] <... futex resumed>) = ? [pid 7013] +++ exited with 0 +++ [pid 7012] +++ exited with 0 +++ [pid 7011] <... exit_group resumed>) = ? [pid 7011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7011, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./655", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./655/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 166.024261][ T7012] loop0: detected capacity change from 0 to 64 umount2("./655/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./655/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./655/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./655/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./655/bus") = 0 umount2("./655/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./655/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./655") = 0 mkdir("./656", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7014 ./strace-static-x86_64: Process 7014 attached [pid 7014] set_robust_list(0x5555564f6760, 24) = 0 [pid 7014] chdir("./656") = 0 [pid 7014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7014] setpgid(0, 0) = 0 [pid 7014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7014] write(3, "1000", 4) = 4 [pid 7014] close(3) = 0 [pid 7014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7014] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7015 attached => {parent_tid=[7015]}, 88) = 7015 [pid 7014] rt_sigprocmask(SIG_SETMASK, [], [pid 7015] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7015] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7015] memfd_create("syzkaller", 0) = 3 [pid 7015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7015] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7015] close(3) = 0 [pid 7015] mkdir("./bus", 0777) = 0 [pid 7015] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7015] chdir("./bus") = 0 [pid 7015] ioctl(4, LOOP_CLR_FD) = 0 [pid 7015] close(4) = 0 [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7015] memfd_create("syzkaller", 0) = 4 [pid 7015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7015] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7015] munmap(0x7f6d360cf000, 32768) = 0 [pid 7015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7015] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7015] ioctl(5, LOOP_CLR_FD) = 0 [pid 7015] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7015] close(5) = 0 [pid 7015] close(4) = 0 [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7015] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7015] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7015] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7015] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7015] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7014] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7015] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7014] <... mprotect resumed>) = 0 [pid 7014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7016 attached => {parent_tid=[7016]}, 88) = 7016 [pid 7015] <... openat resumed>) = 6 [pid 7016] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7014] rt_sigprocmask(SIG_SETMASK, [], [pid 7016] <... rseq resumed>) = 0 [pid 7014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7016] set_robust_list(0x7f6d360d69a0, 24 [pid 7014] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] <... set_robust_list resumed>) = 0 [pid 7016] rt_sigprocmask(SIG_SETMASK, [], [pid 7014] <... futex resumed>) = 0 [pid 7016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7014] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7016] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7015] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7014] <... futex resumed>) = 0 [pid 7016] <... futex resumed>) = 1 [pid 7016] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7015] <... futex resumed>) = 0 [pid 7014] exit_group(0 [pid 7016] <... futex resumed>) = ? [pid 7016] +++ exited with 0 +++ [pid 7014] <... exit_group resumed>) = ? [pid 7015] +++ exited with 0 +++ [pid 7014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7014, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./656", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./656/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./656/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./656/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./656/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./656/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./656/bus") = 0 [ 166.129191][ T7015] loop0: detected capacity change from 0 to 64 umount2("./656/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./656/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./656") = 0 mkdir("./657", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7017 ./strace-static-x86_64: Process 7017 attached [pid 7017] set_robust_list(0x5555564f6760, 24) = 0 [pid 7017] chdir("./657") = 0 [pid 7017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7017] setpgid(0, 0) = 0 [pid 7017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7017] write(3, "1000", 4) = 4 [pid 7017] close(3) = 0 [pid 7017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7017] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7017] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7018 attached [pid 7018] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7017] <... clone3 resumed> => {parent_tid=[7018]}, 88) = 7018 [pid 7018] <... rseq resumed>) = 0 [pid 7017] rt_sigprocmask(SIG_SETMASK, [], [pid 7018] set_robust_list(0x7f6d468e79a0, 24 [pid 7017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7018] <... set_robust_list resumed>) = 0 [pid 7018] rt_sigprocmask(SIG_SETMASK, [], [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7017] <... futex resumed>) = 0 [pid 7018] memfd_create("syzkaller", 0 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7018] <... memfd_create resumed>) = 3 [pid 7018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7018] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7018] close(3) = 0 [pid 7018] mkdir("./bus", 0777) = 0 [pid 7018] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7018] chdir("./bus") = 0 [pid 7018] ioctl(4, LOOP_CLR_FD) = 0 [pid 7018] close(4) = 0 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7018] memfd_create("syzkaller", 0) = 4 [pid 7018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7018] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7018] munmap(0x7f6d360cf000, 32768) = 0 [pid 7018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7018] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7018] ioctl(5, LOOP_CLR_FD) = 0 [pid 7018] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7018] close(5) = 0 [pid 7018] close(4) = 0 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7017] <... futex resumed>) = 0 [pid 7018] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] <... futex resumed>) = 0 [pid 7017] <... futex resumed>) = 1 [pid 7018] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7018] <... openat resumed>) = 4 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7018] <... write resumed>) = 12288 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = 0 [pid 7018] <... futex resumed>) = 1 [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7018] <... mmap resumed>) = 0x20000000 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7017] <... futex resumed>) = 0 [pid 7018] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7018] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7018] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] <... futex resumed>) = 0 [pid 7017] <... futex resumed>) = 1 [pid 7018] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7017] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7017] <... futex resumed>) = 0 [pid 7018] <... openat resumed>) = 6 [pid 7017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7017] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7018] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7018] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7019 attached [pid 7019] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7017] <... clone3 resumed> => {parent_tid=[7019]}, 88) = 7019 [pid 7019] <... rseq resumed>) = 0 [pid 7017] rt_sigprocmask(SIG_SETMASK, [], [pid 7019] set_robust_list(0x7f6d360d69a0, 24 [pid 7017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7019] <... set_robust_list resumed>) = 0 [pid 7017] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] rt_sigprocmask(SIG_SETMASK, [], [pid 7017] <... futex resumed>) = 0 [pid 7019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7017] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7019] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7019] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7019] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] <... futex resumed>) = 0 [pid 7017] exit_group(0 [pid 7018] <... futex resumed>) = ? [pid 7019] <... futex resumed>) = ? [pid 7018] +++ exited with 0 +++ [pid 7019] +++ exited with 0 +++ [pid 7017] <... exit_group resumed>) = ? [pid 7017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7017, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./657", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 166.206087][ T7018] loop0: detected capacity change from 0 to 64 umount2("./657/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./657/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./657/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./657/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./657/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./657/bus") = 0 umount2("./657/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./657/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./657") = 0 mkdir("./658", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7020 attached , child_tidptr=0x5555564f6750) = 7020 [pid 7020] set_robust_list(0x5555564f6760, 24) = 0 [pid 7020] chdir("./658") = 0 [pid 7020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7020] setpgid(0, 0) = 0 [pid 7020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7020] write(3, "1000", 4) = 4 [pid 7020] close(3) = 0 [pid 7020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7020] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7020] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7020] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7020] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7021]}, 88) = 7021 [pid 7020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7021 attached [pid 7021] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7021] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7021] memfd_create("syzkaller", 0) = 3 [pid 7021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7021] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7021] close(3) = 0 [pid 7021] mkdir("./bus", 0777) = 0 [pid 7021] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7021] chdir("./bus") = 0 [pid 7021] ioctl(4, LOOP_CLR_FD) = 0 [pid 7021] close(4) = 0 [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] <... futex resumed>) = 0 [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... futex resumed>) = 0 [pid 7020] <... futex resumed>) = 1 [pid 7021] memfd_create("syzkaller", 0 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7021] <... memfd_create resumed>) = 4 [pid 7021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7021] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7021] munmap(0x7f6d360cf000, 32768) = 0 [pid 7021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7021] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7021] ioctl(5, LOOP_CLR_FD) = 0 [pid 7021] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7021] close(5) = 0 [pid 7021] close(4) = 0 [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] <... futex resumed>) = 0 [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... futex resumed>) = 0 [pid 7021] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] <... futex resumed>) = 1 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... futex resumed>) = 0 [pid 7021] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] <... futex resumed>) = 1 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... futex resumed>) = 0 [pid 7021] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] <... futex resumed>) = 1 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... futex resumed>) = 0 [pid 7021] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7021] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7020] <... futex resumed>) = 1 [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7021] <... futex resumed>) = 0 [pid 7020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7020] <... futex resumed>) = 0 [pid 7021] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7020] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7020] <... futex resumed>) = 0 [pid 7021] <... openat resumed>) = 6 [pid 7020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7020] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7021] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] <... mprotect resumed>) = 0 [pid 7021] <... futex resumed>) = 0 [pid 7021] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7020] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7022 attached => {parent_tid=[7022]}, 88) = 7022 [pid 7022] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7020] rt_sigprocmask(SIG_SETMASK, [], [pid 7022] set_robust_list(0x7f6d360d69a0, 24 [pid 7020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7022] <... set_robust_list resumed>) = 0 [pid 7020] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7022] rt_sigprocmask(SIG_SETMASK, [], [pid 7020] <... futex resumed>) = 0 [pid 7022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7020] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7022] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7022] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] <... futex resumed>) = 0 [pid 7020] exit_group(0 [pid 7022] <... futex resumed>) = 1 [pid 7022] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7021] <... futex resumed>) = ? [pid 7022] <... futex resumed>) = ? [pid 7021] +++ exited with 0 +++ [pid 7022] +++ exited with 0 +++ [pid 7020] <... exit_group resumed>) = ? [pid 7020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7020, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./658", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 166.300025][ T7021] loop0: detected capacity change from 0 to 64 umount2("./658/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./658/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./658/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./658/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./658/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./658/bus") = 0 umount2("./658/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./658/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./658") = 0 mkdir("./659", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7023 attached , child_tidptr=0x5555564f6750) = 7023 [pid 7023] set_robust_list(0x5555564f6760, 24) = 0 [pid 7023] chdir("./659") = 0 [pid 7023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7023] setpgid(0, 0) = 0 [pid 7023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7023] write(3, "1000", 4) = 4 [pid 7023] close(3) = 0 [pid 7023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7023] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7023] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7024 attached [pid 7024] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7023] <... clone3 resumed> => {parent_tid=[7024]}, 88) = 7024 [pid 7024] <... rseq resumed>) = 0 [pid 7023] rt_sigprocmask(SIG_SETMASK, [], [pid 7024] set_robust_list(0x7f6d468e79a0, 24 [pid 7023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7024] <... set_robust_list resumed>) = 0 [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] rt_sigprocmask(SIG_SETMASK, [], [pid 7023] <... futex resumed>) = 0 [pid 7024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7024] memfd_create("syzkaller", 0 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7024] <... memfd_create resumed>) = 3 [pid 7024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7024] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7024] close(3) = 0 [pid 7024] mkdir("./bus", 0777) = 0 [pid 7024] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7024] chdir("./bus") = 0 [pid 7024] ioctl(4, LOOP_CLR_FD) = 0 [pid 7024] close(4) = 0 [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... futex resumed>) = 0 [pid 7024] <... futex resumed>) = 1 [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] memfd_create("syzkaller", 0 [pid 7023] <... futex resumed>) = 0 [pid 7024] <... memfd_create resumed>) = 4 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7024] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7024] munmap(0x7f6d360cf000, 32768) = 0 [pid 7024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7024] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7024] ioctl(5, LOOP_CLR_FD) = 0 [pid 7024] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7024] close(5) = 0 [pid 7024] close(4) = 0 [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7024] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7023] <... futex resumed>) = 0 [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] <... futex resumed>) = 0 [pid 7023] <... futex resumed>) = 1 [pid 7024] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7024] <... openat resumed>) = 4 [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... futex resumed>) = 0 [pid 7024] <... futex resumed>) = 1 [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7023] <... futex resumed>) = 0 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7024] <... write resumed>) = 12288 [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... futex resumed>) = 0 [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7024] <... futex resumed>) = 1 [pid 7024] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7024] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7023] <... futex resumed>) = 0 [pid 7023] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... futex resumed>) = 0 [pid 7023] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7023] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] <... futex resumed>) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7024] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7024] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7023] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7024] <... openat resumed>) = 6 [pid 7023] <... mprotect resumed>) = 0 [pid 7024] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7025 attached [pid 7025] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7023] <... clone3 resumed> => {parent_tid=[7025]}, 88) = 7025 [pid 7025] set_robust_list(0x7f6d360d69a0, 24 [pid 7023] rt_sigprocmask(SIG_SETMASK, [], [pid 7025] <... set_robust_list resumed>) = 0 [pid 7023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7025] rt_sigprocmask(SIG_SETMASK, [], [pid 7023] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7023] <... futex resumed>) = 0 [pid 7025] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7023] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7025] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7025] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... futex resumed>) = 0 [pid 7025] <... futex resumed>) = 1 [pid 7023] exit_group(0 [pid 7025] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 7023] <... exit_group resumed>) = ? [pid 7024] <... futex resumed>) = ? [pid 7025] +++ exited with 0 +++ [pid 7024] +++ exited with 0 +++ [pid 7023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7023, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./659", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./659/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./659/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./659/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./659/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./659/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 [ 166.365202][ T7024] loop0: detected capacity change from 0 to 64 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./659/bus") = 0 umount2("./659/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./659/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./659") = 0 mkdir("./660", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7026 ./strace-static-x86_64: Process 7026 attached [pid 7026] set_robust_list(0x5555564f6760, 24) = 0 [pid 7026] chdir("./660") = 0 [pid 7026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7026] setpgid(0, 0) = 0 [pid 7026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7026] write(3, "1000", 4) = 4 [pid 7026] close(3) = 0 [pid 7026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7026] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7027 attached [pid 7027] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7026] <... clone3 resumed> => {parent_tid=[7027]}, 88) = 7027 [pid 7027] set_robust_list(0x7f6d468e79a0, 24 [pid 7026] rt_sigprocmask(SIG_SETMASK, [], [pid 7027] <... set_robust_list resumed>) = 0 [pid 7026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7027] rt_sigprocmask(SIG_SETMASK, [], [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7026] <... futex resumed>) = 0 [pid 7027] memfd_create("syzkaller", 0 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7027] <... memfd_create resumed>) = 3 [pid 7027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7027] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7027] close(3) = 0 [pid 7027] mkdir("./bus", 0777) = 0 [pid 7027] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7027] chdir("./bus") = 0 [pid 7027] ioctl(4, LOOP_CLR_FD) = 0 [pid 7027] close(4) = 0 [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7026] <... futex resumed>) = 0 [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = 0 [pid 7026] <... futex resumed>) = 1 [pid 7027] memfd_create("syzkaller", 0 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7027] <... memfd_create resumed>) = 4 [pid 7027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7027] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7027] munmap(0x7f6d360cf000, 32768) = 0 [pid 7027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7027] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7027] ioctl(5, LOOP_CLR_FD) = 0 [pid 7027] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7027] close(5) = 0 [pid 7027] close(4) = 0 [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7026] <... futex resumed>) = 0 [pid 7027] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... openat resumed>) = 4 [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... futex resumed>) = 0 [pid 7027] <... futex resumed>) = 0 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7026] <... futex resumed>) = 0 [pid 7027] <... write resumed>) = 12288 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... futex resumed>) = 0 [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] <... futex resumed>) = 1 [pid 7027] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... futex resumed>) = 0 [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] <... futex resumed>) = 1 [pid 7027] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7027] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... futex resumed>) = 0 [pid 7026] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7026] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7028 attached => {parent_tid=[7028]}, 88) = 7028 [pid 7026] rt_sigprocmask(SIG_SETMASK, [], [pid 7028] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7026] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7026] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] <... rseq resumed>) = 0 [pid 7027] <... futex resumed>) = 1 [pid 7028] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7027] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7028] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7027] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7028] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7027] <... openat resumed>) = 6 [pid 7028] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7026] <... futex resumed>) = 0 [pid 7028] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7027] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7026] exit_group(0) = ? [pid 7027] <... futex resumed>) = ? [pid 7028] <... futex resumed>) = ? [pid 7027] +++ exited with 0 +++ [pid 7028] +++ exited with 0 +++ [pid 7026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7026, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./660", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 166.467569][ T7027] loop0: detected capacity change from 0 to 64 umount2("./660/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./660/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./660/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./660/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./660/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./660/bus") = 0 umount2("./660/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./660/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./660") = 0 mkdir("./661", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7029 attached , child_tidptr=0x5555564f6750) = 7029 [pid 7029] set_robust_list(0x5555564f6760, 24) = 0 [pid 7029] chdir("./661") = 0 [pid 7029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7029] setpgid(0, 0) = 0 [pid 7029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7029] write(3, "1000", 4) = 4 [pid 7029] close(3) = 0 [pid 7029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7029] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7030 attached [pid 7030] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7030] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7030] rt_sigprocmask(SIG_SETMASK, [], [pid 7029] <... clone3 resumed> => {parent_tid=[7030]}, 88) = 7030 [pid 7030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] memfd_create("syzkaller", 0 [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... memfd_create resumed>) = 3 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7030] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7030] close(3) = 0 [pid 7030] mkdir("./bus", 0777) = 0 [pid 7030] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7030] chdir("./bus") = 0 [pid 7030] ioctl(4, LOOP_CLR_FD) = 0 [pid 7030] close(4) = 0 [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7030] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] <... futex resumed>) = 0 [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = 0 [pid 7029] <... futex resumed>) = 1 [pid 7030] memfd_create("syzkaller", 0) = 4 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7030] munmap(0x7f6d360cf000, 32768) = 0 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7030] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7030] ioctl(5, LOOP_CLR_FD) = 0 [pid 7030] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7030] close(5) = 0 [pid 7030] close(4) = 0 [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7030] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] <... openat resumed>) = 4 [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] <... mmap resumed>) = 0x20000000 [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7029] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7030] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] <... futex resumed>) = 0 [pid 7029] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = 0 [pid 7030] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7029] <... futex resumed>) = 0 [pid 7029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7030] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7029] <... mmap resumed>) = 0x7f6d360b6000 [pid 7029] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7030] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7030] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7031 attached => {parent_tid=[7031]}, 88) = 7031 [pid 7031] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], [pid 7031] set_robust_list(0x7f6d360d69a0, 24 [pid 7029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7031] <... set_robust_list resumed>) = 0 [pid 7029] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] rt_sigprocmask(SIG_SETMASK, [], [pid 7029] <... futex resumed>) = 0 [pid 7031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7029] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7031] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7031] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [ 166.561970][ T7030] loop0: detected capacity change from 0 to 64 [pid 7031] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] exit_group(0 [pid 7031] <... futex resumed>) = ? [pid 7030] <... futex resumed>) = ? [pid 7029] <... exit_group resumed>) = ? [pid 7031] +++ exited with 0 +++ [pid 7030] +++ exited with 0 +++ [pid 7029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7029, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./661", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./661/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./661/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./661/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./661/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./661/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./661/bus") = 0 umount2("./661/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./661/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./661") = 0 mkdir("./662", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7032 attached [pid 7032] set_robust_list(0x5555564f6760, 24) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7032 [pid 7032] chdir("./662") = 0 [pid 7032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7032] setpgid(0, 0) = 0 [pid 7032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7032] write(3, "1000", 4) = 4 [pid 7032] close(3) = 0 [pid 7032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7032] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7032] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7033 attached [pid 7033] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7032] <... clone3 resumed> => {parent_tid=[7033]}, 88) = 7033 [pid 7033] <... rseq resumed>) = 0 [pid 7032] rt_sigprocmask(SIG_SETMASK, [], [pid 7033] set_robust_list(0x7f6d468e79a0, 24 [pid 7032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7033] <... set_robust_list resumed>) = 0 [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7032] <... futex resumed>) = 0 [pid 7033] memfd_create("syzkaller", 0 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7033] <... memfd_create resumed>) = 3 [pid 7033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7033] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7033] close(3) = 0 [pid 7033] mkdir("./bus", 0777) = 0 [pid 7033] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7033] chdir("./bus") = 0 [pid 7033] ioctl(4, LOOP_CLR_FD) = 0 [pid 7033] close(4) = 0 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] <... futex resumed>) = 0 [pid 7033] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] memfd_create("syzkaller", 0 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7033] <... memfd_create resumed>) = 4 [pid 7033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7033] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7033] munmap(0x7f6d360cf000, 32768) = 0 [pid 7033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7033] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7033] ioctl(5, LOOP_CLR_FD) = 0 [pid 7033] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7033] close(5) = 0 [pid 7033] close(4) = 0 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7033] <... futex resumed>) = 1 [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] <... openat resumed>) = 4 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] <... futex resumed>) = 0 [pid 7033] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] <... futex resumed>) = 0 [pid 7033] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] <... write resumed>) = 12288 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7033] <... futex resumed>) = 1 [pid 7033] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] <... mmap resumed>) = 0x20000000 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7033] <... futex resumed>) = 1 [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7032] <... futex resumed>) = 0 [pid 7032] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7033] <... futex resumed>) = 1 [pid 7032] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7032] <... futex resumed>) = 0 [pid 7033] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7032] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] <... openat resumed>) = 6 [pid 7032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7033] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7032] <... mmap resumed>) = 0x7f6d360b6000 [pid 7033] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7034 attached [pid 7034] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7032] <... clone3 resumed> => {parent_tid=[7034]}, 88) = 7034 [pid 7034] <... rseq resumed>) = 0 [pid 7032] rt_sigprocmask(SIG_SETMASK, [], [pid 7034] set_robust_list(0x7f6d360d69a0, 24 [pid 7032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7034] <... set_robust_list resumed>) = 0 [pid 7032] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7032] <... futex resumed>) = 0 [pid 7034] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7032] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7034] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7034] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] <... futex resumed>) = 0 [ 166.653861][ T7033] loop0: detected capacity change from 0 to 64 [pid 7034] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] exit_group(0 [pid 7034] <... futex resumed>) = ? [pid 7032] <... exit_group resumed>) = ? [pid 7034] +++ exited with 0 +++ [pid 7033] <... futex resumed>) = ? [pid 7033] +++ exited with 0 +++ [pid 7032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7032, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./662", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./662/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./662/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./662/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./662/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./662/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./662/bus") = 0 umount2("./662/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./662/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./662") = 0 mkdir("./663", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7035 ./strace-static-x86_64: Process 7035 attached [pid 7035] set_robust_list(0x5555564f6760, 24) = 0 [pid 7035] chdir("./663") = 0 [pid 7035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7035] setpgid(0, 0) = 0 [pid 7035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7035] write(3, "1000", 4) = 4 [pid 7035] close(3) = 0 [pid 7035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7035] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7036 attached => {parent_tid=[7036]}, 88) = 7036 [pid 7036] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], [pid 7036] set_robust_list(0x7f6d468e79a0, 24 [pid 7035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7036] <... set_robust_list resumed>) = 0 [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] rt_sigprocmask(SIG_SETMASK, [], [pid 7035] <... futex resumed>) = 0 [pid 7036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7036] memfd_create("syzkaller", 0) = 3 [pid 7036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7036] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7036] close(3) = 0 [pid 7036] mkdir("./bus", 0777) = 0 [pid 7036] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7036] chdir("./bus") = 0 [pid 7036] ioctl(4, LOOP_CLR_FD) = 0 [pid 7036] close(4) = 0 [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7036] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] memfd_create("syzkaller", 0 [pid 7035] <... futex resumed>) = 0 [pid 7036] <... memfd_create resumed>) = 4 [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7036] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7036] munmap(0x7f6d360cf000, 32768) = 0 [pid 7036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7036] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7036] ioctl(5, LOOP_CLR_FD) = 0 [pid 7036] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7036] close(5) = 0 [pid 7036] close(4) = 0 [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7036] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] <... futex resumed>) = 0 [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] <... futex resumed>) = 0 [pid 7036] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] <... futex resumed>) = 1 [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7036] <... futex resumed>) = 0 [pid 7036] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7036] <... futex resumed>) = 0 [pid 7036] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7036] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7036] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... futex resumed>) = 0 [pid 7035] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7035] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7036] <... futex resumed>) = 1 [pid 7035] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7036] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7036] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7035] <... clone3 resumed> => {parent_tid=[7037]}, 88) = 7037 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7035] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7036] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7037 attached [pid 7037] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7037] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7037] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7037] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] <... futex resumed>) = 0 [pid 7035] exit_group(0) = ? [pid 7037] <... futex resumed>) = ? [pid 7037] +++ exited with 0 +++ [pid 7036] <... futex resumed>) = ? [pid 7036] +++ exited with 0 +++ [pid 7035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7035, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./663", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./663/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./663/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./663/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./663/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./663/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 166.762391][ T7036] loop0: detected capacity change from 0 to 64 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./663/bus") = 0 umount2("./663/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./663/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./663") = 0 mkdir("./664", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7038 attached [pid 7038] set_robust_list(0x5555564f6760, 24) = 0 [pid 7038] chdir("./664") = 0 [pid 7038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7038] setpgid(0, 0) = 0 [pid 7038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7038] write(3, "1000", 4) = 4 [pid 7038] close(3) = 0 [pid 7038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7038] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7038] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7038] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7038 [pid 7038] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7039]}, 88) = 7039 [pid 7038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7039 attached [pid 7039] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7039] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7039] memfd_create("syzkaller", 0) = 3 [pid 7039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7039] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7039] close(3) = 0 [pid 7039] mkdir("./bus", 0777) = 0 [pid 7039] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7039] chdir("./bus") = 0 [pid 7039] ioctl(4, LOOP_CLR_FD) = 0 [pid 7039] close(4) = 0 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7039] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] <... futex resumed>) = 0 [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7039] <... futex resumed>) = 0 [pid 7039] memfd_create("syzkaller", 0) = 4 [pid 7039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7039] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7039] munmap(0x7f6d360cf000, 32768) = 0 [pid 7039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7039] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7039] ioctl(5, LOOP_CLR_FD) = 0 [pid 7039] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7039] close(5) = 0 [pid 7039] close(4) = 0 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7039] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7038] <... futex resumed>) = 0 [pid 7039] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7039] <... openat resumed>) = 4 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7039] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7039] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7039] <... mmap resumed>) = 0x20000000 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7039] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7039] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7038] <... futex resumed>) = 0 [pid 7039] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7038] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7039] <... openat resumed>) = 5 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7039] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7038] <... futex resumed>) = 0 [pid 7039] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7038] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7038] <... futex resumed>) = 0 [pid 7038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7039] <... openat resumed>) = 6 [pid 7038] <... mmap resumed>) = 0x7f6d360b6000 [pid 7039] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7039] <... futex resumed>) = 0 [pid 7039] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] <... mprotect resumed>) = 0 [pid 7038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7040 attached => {parent_tid=[7040]}, 88) = 7040 [pid 7040] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7040] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7040] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7038] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] <... futex resumed>) = 0 [pid 7038] <... futex resumed>) = 1 [pid 7040] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7038] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7040] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7040] <... futex resumed>) = 0 [pid 7040] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] exit_group(0) = ? [pid 7040] <... futex resumed>) = ? [pid 7040] +++ exited with 0 +++ [pid 7039] <... futex resumed>) = ? [pid 7039] +++ exited with 0 +++ [pid 7038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7038, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./664", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./664/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 166.852454][ T7039] loop0: detected capacity change from 0 to 64 umount2("./664/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./664/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./664/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./664/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./664/bus") = 0 umount2("./664/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./664/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./664") = 0 mkdir("./665", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7041 attached [pid 7041] set_robust_list(0x5555564f6760, 24) = 0 [pid 7041] chdir("./665") = 0 [pid 7041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7041] setpgid(0, 0) = 0 [pid 7041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7041] write(3, "1000", 4) = 4 [pid 7041] close(3) = 0 [pid 7041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7041] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7042 attached [pid 7042] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7041] <... clone3 resumed> => {parent_tid=[7042]}, 88) = 7042 [pid 7042] <... rseq resumed>) = 0 [pid 7041] rt_sigprocmask(SIG_SETMASK, [], [pid 7042] set_robust_list(0x7f6d468e79a0, 24 [pid 7041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7042] <... set_robust_list resumed>) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7041 [pid 7042] rt_sigprocmask(SIG_SETMASK, [], [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7041] <... futex resumed>) = 0 [pid 7042] memfd_create("syzkaller", 0 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7042] <... memfd_create resumed>) = 3 [pid 7042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7042] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7042] close(3) = 0 [pid 7042] mkdir("./bus", 0777) = 0 [pid 7042] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7042] chdir("./bus") = 0 [pid 7042] ioctl(4, LOOP_CLR_FD) = 0 [pid 7042] close(4) = 0 [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7042] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] <... futex resumed>) = 0 [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... futex resumed>) = 0 [pid 7041] <... futex resumed>) = 1 [pid 7042] memfd_create("syzkaller", 0) = 4 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7042] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7042] munmap(0x7f6d360cf000, 32768) = 0 [pid 7042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7042] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7042] ioctl(5, LOOP_CLR_FD) = 0 [pid 7042] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7042] close(5) = 0 [pid 7042] close(4) = 0 [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... futex resumed>) = 0 [pid 7042] <... futex resumed>) = 1 [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7041] <... futex resumed>) = 0 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... futex resumed>) = 0 [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... futex resumed>) = 1 [pid 7042] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... futex resumed>) = 0 [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... futex resumed>) = 1 [pid 7042] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... futex resumed>) = 0 [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... futex resumed>) = 1 [pid 7042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7042] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... futex resumed>) = 0 [pid 7042] <... futex resumed>) = 1 [pid 7041] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7041] <... futex resumed>) = 0 [pid 7041] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7041] <... futex resumed>) = 0 [pid 7042] <... openat resumed>) = 6 [pid 7041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7041] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7042] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7042] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[7043]}, 88) = 7043 [pid 7041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7041] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7043 attached [pid 7043] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7043] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7043] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7043] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7041] <... futex resumed>) = 0 [pid 7043] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] exit_group(0 [pid 7042] <... futex resumed>) = ? [pid 7041] <... exit_group resumed>) = ? [pid 7042] +++ exited with 0 +++ [pid 7043] <... futex resumed>) = ? [ 166.955163][ T7042] loop0: detected capacity change from 0 to 64 [pid 7043] +++ exited with 0 +++ [pid 7041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7041, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./665", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./665/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./665/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./665/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./665/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./665/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./665/bus") = 0 umount2("./665/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./665/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./665") = 0 mkdir("./666", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7044 ./strace-static-x86_64: Process 7044 attached [pid 7044] set_robust_list(0x5555564f6760, 24) = 0 [pid 7044] chdir("./666") = 0 [pid 7044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7044] setpgid(0, 0) = 0 [pid 7044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7044] write(3, "1000", 4) = 4 [pid 7044] close(3) = 0 [pid 7044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7044] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7045 attached => {parent_tid=[7045]}, 88) = 7045 [pid 7044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7045] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7045] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7045] memfd_create("syzkaller", 0) = 3 [pid 7045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7045] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7045] close(3) = 0 [pid 7045] mkdir("./bus", 0777) = 0 [pid 7045] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7045] chdir("./bus") = 0 [pid 7045] ioctl(4, LOOP_CLR_FD) = 0 [pid 7045] close(4) = 0 [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] <... futex resumed>) = 0 [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] <... futex resumed>) = 1 [pid 7044] <... futex resumed>) = 0 [pid 7045] memfd_create("syzkaller", 0 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7045] <... memfd_create resumed>) = 4 [pid 7045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7045] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7045] munmap(0x7f6d360cf000, 32768) = 0 [pid 7045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7045] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7045] ioctl(5, LOOP_CLR_FD) = 0 [pid 7045] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7045] close(5) = 0 [pid 7045] close(4) = 0 [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] <... futex resumed>) = 0 [pid 7045] <... futex resumed>) = 1 [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7044] <... futex resumed>) = 0 [pid 7045] <... openat resumed>) = 4 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7044] <... futex resumed>) = 0 [pid 7045] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7044] <... futex resumed>) = 0 [pid 7045] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] <... write resumed>) = 12288 [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] <... futex resumed>) = 0 [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] <... futex resumed>) = 1 [pid 7044] <... futex resumed>) = 0 [pid 7045] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] <... mmap resumed>) = 0x20000000 [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] <... futex resumed>) = 0 [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] <... futex resumed>) = 1 [pid 7045] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7045] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] <... futex resumed>) = 0 [pid 7044] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7045] <... futex resumed>) = 1 [pid 7044] <... mmap resumed>) = 0x7f6d360b6000 [pid 7045] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7045] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7044] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7045] <... openat resumed>) = 6 [pid 7044] <... mprotect resumed>) = 0 [pid 7044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7045] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7046 attached [pid 7045] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7046] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7046] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7044] <... clone3 resumed> => {parent_tid=[7046]}, 88) = 7046 [pid 7046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7044] rt_sigprocmask(SIG_SETMASK, [], [pid 7046] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7044] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7046] <... futex resumed>) = 0 [pid 7044] <... futex resumed>) = 1 [pid 7046] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7044] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7046] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7046] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7044] <... futex resumed>) = 0 [pid 7046] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7044] exit_group(0 [pid 7046] <... futex resumed>) = ? [pid 7045] <... futex resumed>) = ? [pid 7044] <... exit_group resumed>) = ? [pid 7046] +++ exited with 0 +++ [pid 7045] +++ exited with 0 +++ [pid 7044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7044, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./666", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./666/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./666/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./666/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./666/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 167.066530][ T7045] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./666/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./666/bus") = 0 umount2("./666/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./666/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./666") = 0 mkdir("./667", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7047 attached , child_tidptr=0x5555564f6750) = 7047 [pid 7047] set_robust_list(0x5555564f6760, 24) = 0 [pid 7047] chdir("./667") = 0 [pid 7047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7047] setpgid(0, 0) = 0 [pid 7047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7047] write(3, "1000", 4) = 4 [pid 7047] close(3) = 0 [pid 7047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7047] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7048 attached [pid 7048] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7047] <... clone3 resumed> => {parent_tid=[7048]}, 88) = 7048 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] <... rseq resumed>) = 0 [pid 7048] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7048] memfd_create("syzkaller", 0) = 3 [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7048] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7048] close(3) = 0 [pid 7048] mkdir("./bus", 0777) = 0 [pid 7048] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7048] chdir("./bus") = 0 [pid 7048] ioctl(4, LOOP_CLR_FD) = 0 [pid 7048] close(4) = 0 [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = 0 [pid 7048] <... futex resumed>) = 1 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] memfd_create("syzkaller", 0 [pid 7047] <... futex resumed>) = 0 [pid 7048] <... memfd_create resumed>) = 4 [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7048] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7048] munmap(0x7f6d360cf000, 32768) = 0 [pid 7048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7048] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7048] ioctl(5, LOOP_CLR_FD) = 0 [pid 7048] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7048] close(5) = 0 [pid 7048] close(4) = 0 [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 1 [pid 7047] <... futex resumed>) = 0 [pid 7048] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] <... write resumed>) = 12288 [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] <... futex resumed>) = 1 [pid 7048] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] <... mmap resumed>) = 0x20000000 [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 1 [pid 7047] <... futex resumed>) = 0 [pid 7048] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7047] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = 0 [pid 7047] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 1 [pid 7047] <... futex resumed>) = 0 [pid 7048] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7048] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7047] <... mmap resumed>) = 0x7f6d360b6000 [pid 7047] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7048] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7049 attached => {parent_tid=[7049]}, 88) = 7049 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], [pid 7049] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7049] <... rseq resumed>) = 0 [pid 7049] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7047] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] rt_sigprocmask(SIG_SETMASK, [], [pid 7047] <... futex resumed>) = 0 [pid 7049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7047] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7049] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7049] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = 0 [pid 7049] <... futex resumed>) = 1 [pid 7047] exit_group(0 [pid 7049] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7048] <... futex resumed>) = ? [pid 7047] <... exit_group resumed>) = ? [pid 7048] +++ exited with 0 +++ [pid 7049] <... futex resumed>) = ? [pid 7049] +++ exited with 0 +++ [pid 7047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7047, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./667", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./667/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./667/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./667/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./667/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./667/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 [ 167.169026][ T7048] loop0: detected capacity change from 0 to 64 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./667/bus") = 0 umount2("./667/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./667/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./667") = 0 mkdir("./668", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7050 ./strace-static-x86_64: Process 7050 attached [pid 7050] set_robust_list(0x5555564f6760, 24) = 0 [pid 7050] chdir("./668") = 0 [pid 7050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7050] setpgid(0, 0) = 0 [pid 7050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7050] write(3, "1000", 4) = 4 [pid 7050] close(3) = 0 [pid 7050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7050] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7050] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7051 attached [pid 7051] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7050] <... clone3 resumed> => {parent_tid=[7051]}, 88) = 7051 [pid 7050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7051] <... rseq resumed>) = 0 [pid 7051] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7051] memfd_create("syzkaller", 0) = 3 [pid 7051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7051] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7051] close(3) = 0 [pid 7051] mkdir("./bus", 0777) = 0 [pid 7051] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7051] chdir("./bus") = 0 [pid 7051] ioctl(4, LOOP_CLR_FD) = 0 [pid 7051] close(4) = 0 [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... futex resumed>) = 0 [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7051] <... futex resumed>) = 1 [pid 7051] memfd_create("syzkaller", 0) = 4 [pid 7051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7051] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7051] munmap(0x7f6d360cf000, 32768) = 0 [pid 7051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7051] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7051] ioctl(5, LOOP_CLR_FD) = 0 [pid 7051] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7051] close(5) = 0 [pid 7051] close(4) = 0 [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... futex resumed>) = 0 [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7051] <... futex resumed>) = 1 [pid 7051] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... futex resumed>) = 0 [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... futex resumed>) = 1 [pid 7051] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7050] <... futex resumed>) = 0 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7050] <... futex resumed>) = 0 [pid 7051] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... mmap resumed>) = 0x20000000 [pid 7050] <... futex resumed>) = 0 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7050] <... futex resumed>) = 0 [pid 7051] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7050] <... futex resumed>) = 0 [pid 7051] <... openat resumed>) = 5 [pid 7050] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7050] <... futex resumed>) = 0 [pid 7051] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7050] <... futex resumed>) = 0 [pid 7051] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7050] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7050] <... futex resumed>) = 0 [pid 7051] <... openat resumed>) = 6 [pid 7050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7051] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7050] <... mmap resumed>) = 0x7f6d360b6000 [pid 7051] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[7052]}, 88) = 7052 ./strace-static-x86_64: Process 7052 attached [pid 7050] rt_sigprocmask(SIG_SETMASK, [], [pid 7052] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7052] <... rseq resumed>) = 0 [ 167.264468][ T7051] loop0: detected capacity change from 0 to 64 [pid 7050] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7052] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7050] <... futex resumed>) = 0 [pid 7050] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7052] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7052] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7052] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] <... futex resumed>) = 0 [pid 7050] exit_group(0 [pid 7052] <... futex resumed>) = ? [pid 7050] <... exit_group resumed>) = ? [pid 7052] +++ exited with 0 +++ [pid 7051] <... futex resumed>) = ? [pid 7051] +++ exited with 0 +++ [pid 7050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7050, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./668", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./668/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./668/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./668/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./668/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./668/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./668/bus") = 0 umount2("./668/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./668/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./668") = 0 mkdir("./669", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7053 ./strace-static-x86_64: Process 7053 attached [pid 7053] set_robust_list(0x5555564f6760, 24) = 0 [pid 7053] chdir("./669") = 0 [pid 7053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7053] setpgid(0, 0) = 0 [pid 7053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7053] write(3, "1000", 4) = 4 [pid 7053] close(3) = 0 [pid 7053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7053] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7053] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7054 attached [pid 7054] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7054] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7053] <... clone3 resumed> => {parent_tid=[7054]}, 88) = 7054 [pid 7054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7054] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... futex resumed>) = 0 [pid 7053] <... futex resumed>) = 1 [pid 7054] memfd_create("syzkaller", 0) = 3 [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7054] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7054] close(3) = 0 [pid 7054] mkdir("./bus", 0777) = 0 [pid 7054] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7054] chdir("./bus") = 0 [pid 7054] ioctl(4, LOOP_CLR_FD) = 0 [pid 7054] close(4) = 0 [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7054] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] <... futex resumed>) = 0 [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7054] memfd_create("syzkaller", 0) = 4 [pid 7054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7054] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7054] munmap(0x7f6d360cf000, 32768) = 0 [pid 7054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7054] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7054] ioctl(5, LOOP_CLR_FD) = 0 [pid 7054] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7054] close(5) = 0 [pid 7054] close(4) = 0 [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7053] <... futex resumed>) = 0 [pid 7054] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... openat resumed>) = 4 [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] <... futex resumed>) = 1 [pid 7054] <... futex resumed>) = 0 [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7053] <... futex resumed>) = 0 [pid 7054] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] <... write resumed>) = 12288 [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... futex resumed>) = 0 [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] <... futex resumed>) = 1 [pid 7054] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... futex resumed>) = 0 [pid 7054] <... futex resumed>) = 1 [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7053] <... futex resumed>) = 0 [pid 7054] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7053] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... futex resumed>) = 0 [pid 7053] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7053] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7053] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7054] <... futex resumed>) = 1 [pid 7053] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7054] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7053] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7054] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 7055 attached [pid 7055] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7054] <... openat resumed>) = 6 [pid 7053] <... clone3 resumed> => {parent_tid=[7055]}, 88) = 7055 [pid 7055] <... rseq resumed>) = 0 [pid 7055] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7055] rt_sigprocmask(SIG_SETMASK, [], [pid 7053] rt_sigprocmask(SIG_SETMASK, [], [pid 7055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7055] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7054] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] <... futex resumed>) = 0 [pid 7054] <... futex resumed>) = 0 [pid 7053] <... futex resumed>) = 1 [pid 7055] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7054] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7055] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7053] <... futex resumed>) = 0 [pid 7055] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] exit_group(0) = ? [pid 7054] <... futex resumed>) = ? [pid 7055] <... futex resumed>) = ? [pid 7054] +++ exited with 0 +++ [pid 7055] +++ exited with 0 +++ [pid 7053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7053, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./669", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./669/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./669/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./669/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./669/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 167.383503][ T7054] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./669/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./669/bus") = 0 umount2("./669/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./669/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./669") = 0 mkdir("./670", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7056 attached [pid 7056] set_robust_list(0x5555564f6760, 24) = 0 [pid 7056] chdir("./670") = 0 [pid 7056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7056] setpgid(0, 0) = 0 [pid 7056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7056 [pid 7056] <... openat resumed>) = 3 [pid 7056] write(3, "1000", 4) = 4 [pid 7056] close(3) = 0 [pid 7056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7056] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7056] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7057 attached => {parent_tid=[7057]}, 88) = 7057 [pid 7057] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7056] rt_sigprocmask(SIG_SETMASK, [], [pid 7057] set_robust_list(0x7f6d468e79a0, 24 [pid 7056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7057] <... set_robust_list resumed>) = 0 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] rt_sigprocmask(SIG_SETMASK, [], [pid 7056] <... futex resumed>) = 0 [pid 7057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7057] memfd_create("syzkaller", 0 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7057] <... memfd_create resumed>) = 3 [pid 7057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7057] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7057] close(3) = 0 [pid 7057] mkdir("./bus", 0777) = 0 [pid 7057] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7057] chdir("./bus") = 0 [pid 7057] ioctl(4, LOOP_CLR_FD) = 0 [pid 7057] close(4) = 0 [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7057] memfd_create("syzkaller", 0 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] <... memfd_create resumed>) = 4 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7057] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7057] munmap(0x7f6d360cf000, 32768) = 0 [pid 7057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7057] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7057] ioctl(5, LOOP_CLR_FD) = 0 [pid 7057] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7057] close(5) = 0 [pid 7057] close(4) = 0 [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] <... futex resumed>) = 0 [pid 7057] <... futex resumed>) = 1 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7056] <... futex resumed>) = 0 [pid 7057] <... openat resumed>) = 4 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7057] <... futex resumed>) = 1 [pid 7057] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7057] <... futex resumed>) = 1 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7057] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7056] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7057] <... futex resumed>) = 1 [pid 7057] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7057] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7057] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] <... futex resumed>) = 0 [ 167.468876][ T7057] loop0: detected capacity change from 0 to 64 [pid 7056] <... futex resumed>) = 1 [pid 7057] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7057] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7056] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] <... openat resumed>) = 6 [pid 7056] <... futex resumed>) = 0 [pid 7057] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7057] <... futex resumed>) = 0 [pid 7056] <... mmap resumed>) = 0x7f6d360b6000 [pid 7057] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7058 attached [pid 7058] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7056] <... clone3 resumed> => {parent_tid=[7058]}, 88) = 7058 [pid 7058] <... rseq resumed>) = 0 [pid 7056] rt_sigprocmask(SIG_SETMASK, [], [pid 7058] set_robust_list(0x7f6d360d69a0, 24 [pid 7056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7058] <... set_robust_list resumed>) = 0 [pid 7056] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] rt_sigprocmask(SIG_SETMASK, [], [pid 7056] <... futex resumed>) = 0 [pid 7058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7056] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7058] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7058] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7058] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7056] exit_group(0 [pid 7057] <... futex resumed>) = ? [pid 7058] <... futex resumed>) = ? [pid 7057] +++ exited with 0 +++ [pid 7056] <... exit_group resumed>) = ? [pid 7058] +++ exited with 0 +++ [pid 7056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7056, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./670", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./670/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./670/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./670/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./670/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./670/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./670/bus") = 0 umount2("./670/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./670/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./670") = 0 mkdir("./671", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7059 attached , child_tidptr=0x5555564f6750) = 7059 [pid 7059] set_robust_list(0x5555564f6760, 24) = 0 [pid 7059] chdir("./671") = 0 [pid 7059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7059] setpgid(0, 0) = 0 [pid 7059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7059] write(3, "1000", 4) = 4 [pid 7059] close(3) = 0 [pid 7059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7059] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7059] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7060 attached => {parent_tid=[7060]}, 88) = 7060 [pid 7060] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7059] rt_sigprocmask(SIG_SETMASK, [], [pid 7060] <... rseq resumed>) = 0 [pid 7060] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7060] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] <... futex resumed>) = 0 [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7060] memfd_create("syzkaller", 0) = 3 [pid 7060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7060] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7060] close(3) = 0 [pid 7060] mkdir("./bus", 0777) = 0 [pid 7060] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7060] chdir("./bus") = 0 [pid 7060] ioctl(4, LOOP_CLR_FD) = 0 [pid 7060] close(4) = 0 [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7059] <... futex resumed>) = 0 [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] <... futex resumed>) = 0 [pid 7060] memfd_create("syzkaller", 0) = 4 [pid 7060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7060] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7060] munmap(0x7f6d360cf000, 32768) = 0 [pid 7060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7060] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7060] ioctl(5, LOOP_CLR_FD) = 0 [pid 7060] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7060] close(5) = 0 [pid 7060] close(4) = 0 [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] <... futex resumed>) = 0 [pid 7060] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7060] <... futex resumed>) = 0 [pid 7059] <... futex resumed>) = 1 [pid 7060] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7059] <... futex resumed>) = 0 [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] <... futex resumed>) = 0 [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7060] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7059] <... futex resumed>) = 0 [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7060] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7059] <... futex resumed>) = 0 [pid 7060] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7059] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7060] <... openat resumed>) = 5 [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7059] <... futex resumed>) = 0 [pid 7059] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7059] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7060] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7059] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7060] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7059] <... mprotect resumed>) = 0 [pid 7060] <... openat resumed>) = 6 [pid 7059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7060] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7061 attached [pid 7061] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7060] <... futex resumed>) = 0 [pid 7059] <... clone3 resumed> => {parent_tid=[7061]}, 88) = 7061 [pid 7061] <... rseq resumed>) = 0 [pid 7059] rt_sigprocmask(SIG_SETMASK, [], [pid 7061] set_robust_list(0x7f6d360d69a0, 24 [pid 7059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7061] <... set_robust_list resumed>) = 0 [pid 7059] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7061] rt_sigprocmask(SIG_SETMASK, [], [pid 7059] <... futex resumed>) = 0 [pid 7061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7059] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7061] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7060] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7061] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7061] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7059] <... futex resumed>) = 0 [pid 7061] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7059] exit_group(0 [pid 7060] <... futex resumed>) = ? [pid 7061] <... futex resumed>) = ? [pid 7059] <... exit_group resumed>) = ? [pid 7060] +++ exited with 0 +++ [pid 7061] +++ exited with 0 +++ [pid 7059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7059, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./671", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 167.592894][ T7060] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./671/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./671/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./671/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./671/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./671/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./671/bus") = 0 umount2("./671/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./671/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./671") = 0 mkdir("./672", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7062 ./strace-static-x86_64: Process 7062 attached [pid 7062] set_robust_list(0x5555564f6760, 24) = 0 [pid 7062] chdir("./672") = 0 [pid 7062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7062] setpgid(0, 0) = 0 [pid 7062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7062] write(3, "1000", 4) = 4 [pid 7062] close(3) = 0 [pid 7062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7062] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7062] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7063 attached => {parent_tid=[7063]}, 88) = 7063 [pid 7062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7063] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7063] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7063] memfd_create("syzkaller", 0) = 3 [pid 7063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7063] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7063] close(3) = 0 [pid 7063] mkdir("./bus", 0777) = 0 [pid 7063] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7063] chdir("./bus") = 0 [pid 7063] ioctl(4, LOOP_CLR_FD) = 0 [pid 7063] close(4) = 0 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7063] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7063] <... futex resumed>) = 0 [pid 7062] <... futex resumed>) = 1 [pid 7063] memfd_create("syzkaller", 0) = 4 [pid 7063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7063] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7063] munmap(0x7f6d360cf000, 32768) = 0 [pid 7063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7063] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7063] ioctl(5, LOOP_CLR_FD) = 0 [pid 7063] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7063] close(5) = 0 [pid 7063] close(4) = 0 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7062] <... futex resumed>) = 0 [pid 7063] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7063] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7063] <... futex resumed>) = 1 [pid 7063] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7063] <... futex resumed>) = 1 [pid 7063] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] <... futex resumed>) = 1 [pid 7062] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7063] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7063] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... futex resumed>) = 0 [pid 7063] <... futex resumed>) = 1 [pid 7062] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7063] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7063] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7062] <... futex resumed>) = 0 [pid 7063] <... openat resumed>) = 6 [pid 7062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7062] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7063] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7064 attached [pid 7064] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7062] <... clone3 resumed> => {parent_tid=[7064]}, 88) = 7064 [pid 7064] <... rseq resumed>) = 0 [pid 7062] rt_sigprocmask(SIG_SETMASK, [], [pid 7064] set_robust_list(0x7f6d360d69a0, 24 [pid 7062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7064] <... set_robust_list resumed>) = 0 [pid 7062] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] rt_sigprocmask(SIG_SETMASK, [], [pid 7062] <... futex resumed>) = 0 [pid 7064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7064] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7062] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7064] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7064] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7062] <... futex resumed>) = 0 [pid 7064] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] exit_group(0 [pid 7064] <... futex resumed>) = ? [pid 7063] <... futex resumed>) = ? [pid 7062] <... exit_group resumed>) = ? [pid 7063] +++ exited with 0 +++ [pid 7064] +++ exited with 0 +++ [pid 7062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7062, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./672", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./672/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./672/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./672/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./672/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 167.710203][ T7063] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./672/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./672/bus") = 0 umount2("./672/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./672/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./672") = 0 mkdir("./673", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7065 attached , child_tidptr=0x5555564f6750) = 7065 [pid 7065] set_robust_list(0x5555564f6760, 24) = 0 [pid 7065] chdir("./673") = 0 [pid 7065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7065] setpgid(0, 0) = 0 [pid 7065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7065] write(3, "1000", 4) = 4 [pid 7065] close(3) = 0 [pid 7065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7065] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7065] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7066 attached [pid 7066] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7065] <... clone3 resumed> => {parent_tid=[7066]}, 88) = 7066 [pid 7066] set_robust_list(0x7f6d468e79a0, 24 [pid 7065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7066] <... set_robust_list resumed>) = 0 [pid 7066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7066] memfd_create("syzkaller", 0) = 3 [pid 7066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7066] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7066] close(3) = 0 [pid 7066] mkdir("./bus", 0777) = 0 [pid 7066] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7066] chdir("./bus") = 0 [pid 7066] ioctl(4, LOOP_CLR_FD) = 0 [pid 7066] close(4) = 0 [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7066] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7065] <... futex resumed>) = 0 [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7065] <... futex resumed>) = 1 [pid 7066] memfd_create("syzkaller", 0) = 4 [pid 7066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7066] <... mmap resumed>) = 0x7f6d360cf000 [pid 7066] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7066] munmap(0x7f6d360cf000, 32768) = 0 [pid 7066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7066] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7066] ioctl(5, LOOP_CLR_FD) = 0 [pid 7066] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7066] close(5) = 0 [pid 7066] close(4) = 0 [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7066] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7065] <... futex resumed>) = 0 [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7065] <... futex resumed>) = 1 [pid 7066] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7066] <... openat resumed>) = 4 [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7066] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7066] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... mmap resumed>) = 0x20000000 [pid 7065] <... futex resumed>) = 0 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7066] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7066] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7065] <... futex resumed>) = 0 [pid 7066] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7066] <... openat resumed>) = 5 [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7066] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7066] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7066] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7066] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7065] <... futex resumed>) = 1 [pid 7065] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] <... futex resumed>) = 0 [pid 7065] <... futex resumed>) = 1 [pid 7066] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7065] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7066] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7066] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7066] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7065] exit_group(0 [pid 7066] <... futex resumed>) = ? [pid 7065] <... exit_group resumed>) = ? [pid 7066] +++ exited with 0 +++ [pid 7065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7065, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./673", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 167.809184][ T7066] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./673/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./673/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./673/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./673/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./673/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./673/bus") = 0 umount2("./673/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./673/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./673") = 0 mkdir("./674", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7067 attached , child_tidptr=0x5555564f6750) = 7067 [pid 7067] set_robust_list(0x5555564f6760, 24) = 0 [pid 7067] chdir("./674") = 0 [pid 7067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7067] setpgid(0, 0) = 0 [pid 7067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7067] write(3, "1000", 4) = 4 [pid 7067] close(3) = 0 [pid 7067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7067] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7068]}, 88) = 7068 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7068 attached [pid 7068] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7068] <... rseq resumed>) = 0 [pid 7068] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7068] memfd_create("syzkaller", 0) = 3 [pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7068] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7068] close(3) = 0 [pid 7068] mkdir("./bus", 0777) = 0 [pid 7068] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7068] chdir("./bus") = 0 [pid 7068] ioctl(4, LOOP_CLR_FD) = 0 [pid 7068] close(4) = 0 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7068] memfd_create("syzkaller", 0) = 4 [pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7068] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7068] munmap(0x7f6d360cf000, 32768) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7068] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7068] ioctl(5, LOOP_CLR_FD) = 0 [pid 7068] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7068] close(5) = 0 [pid 7068] close(4) = 0 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7068] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... futex resumed>) = 0 [pid 7067] <... futex resumed>) = 1 [pid 7068] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... openat resumed>) = 4 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7068] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... futex resumed>) = 0 [pid 7067] <... futex resumed>) = 1 [pid 7068] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... write resumed>) = 12288 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7068] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... futex resumed>) = 0 [pid 7067] <... futex resumed>) = 1 [pid 7068] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... mmap resumed>) = 0x20000000 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7068] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7067] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... openat resumed>) = 5 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7068] <... futex resumed>) = 1 [pid 7067] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7067] <... futex resumed>) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7068] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7067] <... mmap resumed>) = 0x7f6d360b6000 [pid 7067] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7068] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7069 attached => {parent_tid=[7069]}, 88) = 7069 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7067] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... futex resumed>) = 0 [pid 7068] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7069] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7069] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7069] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... futex resumed>) = 0 [pid 7067] exit_group(0) = ? [pid 7068] <... futex resumed>) = ? [pid 7068] +++ exited with 0 +++ [pid 7069] <... futex resumed>) = ? [pid 7069] +++ exited with 0 +++ [pid 7067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7067, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./674", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 167.920346][ T7068] loop0: detected capacity change from 0 to 64 umount2("./674/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./674/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./674/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./674/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./674/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./674/bus") = 0 umount2("./674/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./674/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./674") = 0 mkdir("./675", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7070 attached , child_tidptr=0x5555564f6750) = 7070 [pid 7070] set_robust_list(0x5555564f6760, 24) = 0 [pid 7070] chdir("./675") = 0 [pid 7070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7070] setpgid(0, 0) = 0 [pid 7070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7070] write(3, "1000", 4) = 4 [pid 7070] close(3) = 0 [pid 7070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7070] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7071 attached [pid 7071] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7070] <... clone3 resumed> => {parent_tid=[7071]}, 88) = 7071 [pid 7071] <... rseq resumed>) = 0 [pid 7070] rt_sigprocmask(SIG_SETMASK, [], [pid 7071] set_robust_list(0x7f6d468e79a0, 24 [pid 7070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7071] <... set_robust_list resumed>) = 0 [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] rt_sigprocmask(SIG_SETMASK, [], [pid 7070] <... futex resumed>) = 0 [pid 7071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7071] memfd_create("syzkaller", 0) = 3 [pid 7071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7071] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7071] close(3) = 0 [pid 7071] mkdir("./bus", 0777) = 0 [pid 7071] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7071] chdir("./bus") = 0 [pid 7071] ioctl(4, LOOP_CLR_FD) = 0 [pid 7071] close(4) = 0 [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7071] memfd_create("syzkaller", 0) = 4 [pid 7071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7071] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7071] munmap(0x7f6d360cf000, 32768) = 0 [pid 7071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7071] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7071] ioctl(5, LOOP_CLR_FD) = 0 [pid 7071] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7071] close(5) = 0 [pid 7071] close(4) = 0 [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] <... futex resumed>) = 0 [pid 7071] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] <... futex resumed>) = 0 [pid 7070] <... futex resumed>) = 1 [pid 7071] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] <... openat resumed>) = 4 [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7071] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7071] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] <... futex resumed>) = 1 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] <... futex resumed>) = 1 [pid 7071] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7071] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7071] <... futex resumed>) = 1 [pid 7070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7071] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7071] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7070] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7071] <... openat resumed>) = 6 [pid 7070] <... mprotect resumed>) = 0 [pid 7070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7071] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7072 attached [pid 7071] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7072] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7072] set_robust_list(0x7f6d360d69a0, 24 [pid 7070] <... clone3 resumed> => {parent_tid=[7072]}, 88) = 7072 [pid 7072] <... set_robust_list resumed>) = 0 [pid 7070] rt_sigprocmask(SIG_SETMASK, [], [pid 7072] rt_sigprocmask(SIG_SETMASK, [], [pid 7070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7070] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7070] exit_group(0 [pid 7071] <... futex resumed>) = ? [pid 7071] +++ exited with 0 +++ [pid 7072] <... futex resumed>) = ? [pid 7070] <... exit_group resumed>) = ? [pid 7072] +++ exited with 0 +++ [pid 7070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7070, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./675", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 168.010243][ T7071] loop0: detected capacity change from 0 to 64 umount2("./675/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./675/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./675/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./675/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./675/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./675/bus") = 0 umount2("./675/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./675/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./675") = 0 mkdir("./676", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7073 attached [pid 7073] set_robust_list(0x5555564f6760, 24) = 0 [pid 7073] chdir("./676") = 0 [pid 7073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7073] setpgid(0, 0) = 0 [pid 7073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7073] write(3, "1000", 4) = 4 [pid 7073] close(3) = 0 [pid 7073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7073 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7073] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7074]}, 88) = 7074 [pid 7073] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7074 attached NULL, 8) = 0 [pid 7074] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7074] <... rseq resumed>) = 0 [pid 7073] <... futex resumed>) = 0 [pid 7074] set_robust_list(0x7f6d468e79a0, 24 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7074] <... set_robust_list resumed>) = 0 [pid 7074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7074] memfd_create("syzkaller", 0) = 3 [pid 7074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7074] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7074] close(3) = 0 [pid 7074] mkdir("./bus", 0777) = 0 [pid 7074] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7074] chdir("./bus") = 0 [pid 7074] ioctl(4, LOOP_CLR_FD) = 0 [pid 7074] close(4) = 0 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7074] <... futex resumed>) = 1 [pid 7074] memfd_create("syzkaller", 0) = 4 [pid 7074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7074] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7074] munmap(0x7f6d360cf000, 32768) = 0 [pid 7074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7074] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7074] ioctl(5, LOOP_CLR_FD) = 0 [pid 7074] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7074] close(5) = 0 [pid 7074] close(4) = 0 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7074] <... futex resumed>) = 1 [pid 7074] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7074] <... futex resumed>) = 1 [pid 7074] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7074] <... futex resumed>) = 1 [pid 7074] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7074] <... futex resumed>) = 1 [pid 7074] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7074] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7073] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7073] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7075 attached [pid 7075] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7073] <... clone3 resumed> => {parent_tid=[7075]}, 88) = 7075 [pid 7075] <... rseq resumed>) = 0 [pid 7073] rt_sigprocmask(SIG_SETMASK, [], [pid 7075] set_robust_list(0x7f6d360d69a0, 24 [pid 7073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7075] <... set_robust_list resumed>) = 0 [pid 7073] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7075] rt_sigprocmask(SIG_SETMASK, [], [pid 7073] <... futex resumed>) = 0 [pid 7075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7073] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7075] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7075] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7073] <... futex resumed>) = 0 [pid 7075] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7074] <... futex resumed>) = 1 [pid 7074] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7074] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7074] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] exit_group(0 [pid 7074] <... futex resumed>) = 230 [pid 7075] <... futex resumed>) = ? [pid 7073] <... exit_group resumed>) = ? [pid 7075] +++ exited with 0 +++ [pid 7074] +++ exited with 0 +++ [pid 7073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7073, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./676", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./676/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./676/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./676/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./676/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./676/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./676/bus") = 0 umount2("./676/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./676/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./676") = 0 mkdir("./677", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7076 attached , child_tidptr=0x5555564f6750) = 7076 [pid 7076] set_robust_list(0x5555564f6760, 24) = 0 [pid 7076] chdir("./677") = 0 [ 168.090187][ T7074] loop0: detected capacity change from 0 to 64 [pid 7076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7076] setpgid(0, 0) = 0 [pid 7076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7076] write(3, "1000", 4) = 4 [pid 7076] close(3) = 0 [pid 7076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7076] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7077 attached => {parent_tid=[7077]}, 88) = 7077 [pid 7076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7077] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7077] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7077] memfd_create("syzkaller", 0) = 3 [pid 7077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7077] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7077] close(3) = 0 [pid 7077] mkdir("./bus", 0777) = 0 [pid 7077] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7077] chdir("./bus") = 0 [pid 7077] ioctl(4, LOOP_CLR_FD) = 0 [pid 7077] close(4) = 0 [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7077] memfd_create("syzkaller", 0) = 4 [pid 7077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7077] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7077] munmap(0x7f6d360cf000, 32768) = 0 [pid 7077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7077] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7077] ioctl(5, LOOP_CLR_FD) = 0 [pid 7077] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7077] close(5) = 0 [pid 7077] close(4) = 0 [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... futex resumed>) = 0 [pid 7077] <... futex resumed>) = 1 [pid 7077] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] <... futex resumed>) = 0 [pid 7077] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7077] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] <... futex resumed>) = 0 [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] <... futex resumed>) = 0 [pid 7077] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7077] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] <... futex resumed>) = 0 [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] <... futex resumed>) = 0 [pid 7077] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7076] <... futex resumed>) = 1 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... futex resumed>) = 0 [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] <... futex resumed>) = 1 [pid 7076] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7077] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7077] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] <... futex resumed>) = 0 [pid 7077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7076] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7076] <... futex resumed>) = 0 [pid 7076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7077] <... openat resumed>) = 6 [pid 7077] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] <... mmap resumed>) = 0x7f6d360b6000 [pid 7076] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7078 attached [pid 7078] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7076] <... clone3 resumed> => {parent_tid=[7078]}, 88) = 7078 [pid 7078] <... rseq resumed>) = 0 [pid 7076] rt_sigprocmask(SIG_SETMASK, [], [pid 7078] set_robust_list(0x7f6d360d69a0, 24 [pid 7076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7078] <... set_robust_list resumed>) = 0 [pid 7076] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] rt_sigprocmask(SIG_SETMASK, [], [pid 7076] <... futex resumed>) = 0 [pid 7078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7076] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7078] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7078] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] <... futex resumed>) = 0 [pid 7076] exit_group(0 [pid 7078] <... futex resumed>) = ? [pid 7077] <... futex resumed>) = ? [pid 7076] <... exit_group resumed>) = ? [pid 7078] +++ exited with 0 +++ [pid 7077] +++ exited with 0 +++ [pid 7076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7076, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 168.172206][ T7077] loop0: detected capacity change from 0 to 64 umount2("./677", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./677/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./677/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./677/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./677/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./677/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./677/bus") = 0 umount2("./677/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./677/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./677") = 0 mkdir("./678", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7079 attached , child_tidptr=0x5555564f6750) = 7079 [pid 7079] set_robust_list(0x5555564f6760, 24) = 0 [pid 7079] chdir("./678") = 0 [pid 7079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7079] setpgid(0, 0) = 0 [pid 7079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7079] write(3, "1000", 4) = 4 [pid 7079] close(3) = 0 [pid 7079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7079] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7079] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7080 attached => {parent_tid=[7080]}, 88) = 7080 [pid 7080] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... rseq resumed>) = 0 [pid 7080] set_robust_list(0x7f6d468e79a0, 24 [pid 7079] <... futex resumed>) = 0 [pid 7080] <... set_robust_list resumed>) = 0 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7080] memfd_create("syzkaller", 0) = 3 [pid 7080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7080] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7080] close(3) = 0 [pid 7080] mkdir("./bus", 0777) = 0 [pid 7080] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7080] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7080] chdir("./bus") = 0 [pid 7080] ioctl(4, LOOP_CLR_FD) = 0 [pid 7080] close(4) = 0 [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7080] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7079] <... futex resumed>) = 0 [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7080] <... futex resumed>) = 0 [pid 7080] memfd_create("syzkaller", 0 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7080] <... memfd_create resumed>) = 4 [pid 7080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7080] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7080] munmap(0x7f6d360cf000, 32768) = 0 [pid 7080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7080] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7080] ioctl(5, LOOP_CLR_FD) = 0 [pid 7080] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7080] close(5) = 0 [pid 7080] close(4) = 0 [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7080] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7079] <... futex resumed>) = 0 [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... futex resumed>) = 0 [pid 7079] <... futex resumed>) = 1 [pid 7080] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] <... openat resumed>) = 4 [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7079] <... futex resumed>) = 0 [pid 7080] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... write resumed>) = 12288 [pid 7079] <... futex resumed>) = 0 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7079] <... futex resumed>) = 0 [pid 7080] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... mmap resumed>) = 0x20000000 [pid 7079] <... futex resumed>) = 0 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7079] <... futex resumed>) = 0 [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7079] <... futex resumed>) = 0 [pid 7080] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7079] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] <... openat resumed>) = 5 [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7079] <... futex resumed>) = 0 [pid 7080] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7079] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7079] <... futex resumed>) = 0 [pid 7079] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... openat resumed>) = 6 [pid 7079] <... futex resumed>) = 0 [pid 7080] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7080] <... futex resumed>) = 0 [pid 7080] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7079] <... mmap resumed>) = 0x7f6d360b6000 [pid 7079] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7081 attached [pid 7081] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7079] <... clone3 resumed> => {parent_tid=[7081]}, 88) = 7081 [pid 7081] <... rseq resumed>) = 0 [pid 7079] rt_sigprocmask(SIG_SETMASK, [], [pid 7081] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7081] rt_sigprocmask(SIG_SETMASK, [], [pid 7079] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7079] <... futex resumed>) = 0 [pid 7081] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7079] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7081] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7081] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7079] <... futex resumed>) = 0 [pid 7081] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7079] exit_group(0 [pid 7081] <... futex resumed>) = ? [pid 7081] +++ exited with 0 +++ [pid 7080] <... futex resumed>) = ? [pid 7079] <... exit_group resumed>) = ? [pid 7080] +++ exited with 0 +++ [pid 7079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7079, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./678", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 168.267580][ T7080] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "./678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./678/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./678/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./678/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./678/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./678/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./678/bus") = 0 umount2("./678/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./678/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./678") = 0 mkdir("./679", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7082 attached [pid 7082] set_robust_list(0x5555564f6760, 24 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7082 [pid 7082] <... set_robust_list resumed>) = 0 [pid 7082] chdir("./679") = 0 [pid 7082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7082] setpgid(0, 0) = 0 [pid 7082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7082] write(3, "1000", 4) = 4 [pid 7082] close(3) = 0 [pid 7082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7082] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7083 attached => {parent_tid=[7083]}, 88) = 7083 [pid 7082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7083] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7083] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7083] memfd_create("syzkaller", 0) = 3 [pid 7083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7083] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7083] close(3) = 0 [pid 7083] mkdir("./bus", 0777) = 0 [pid 7083] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7083] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7083] chdir("./bus") = 0 [pid 7083] ioctl(4, LOOP_CLR_FD) = 0 [pid 7083] close(4) = 0 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7083] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7082] <... futex resumed>) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7083] <... futex resumed>) = 0 [pid 7083] memfd_create("syzkaller", 0) = 4 [pid 7083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7083] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7083] munmap(0x7f6d360cf000, 32768) = 0 [pid 7083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7083] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7083] ioctl(5, LOOP_CLR_FD) = 0 [pid 7083] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7083] close(5) = 0 [pid 7083] close(4) = 0 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7083] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7082] <... futex resumed>) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7083] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] <... futex resumed>) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7083] <... futex resumed>) = 1 [pid 7083] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] <... futex resumed>) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7083] <... futex resumed>) = 1 [pid 7083] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] <... futex resumed>) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7083] <... futex resumed>) = 1 [pid 7083] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7083] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7082] <... futex resumed>) = 0 [pid 7082] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7082] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7084 attached [pid 7083] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7082] <... clone3 resumed> => {parent_tid=[7084]}, 88) = 7084 [pid 7084] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7083] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7082] rt_sigprocmask(SIG_SETMASK, [], [pid 7084] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7084] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] <... openat resumed>) = 6 [pid 7082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7083] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] <... futex resumed>) = 0 [pid 7082] <... futex resumed>) = 0 [pid 7084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7083] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7082] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7084] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [ 168.379630][ T7083] loop0: detected capacity change from 0 to 64 [pid 7084] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7082] <... futex resumed>) = 0 [pid 7084] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7082] exit_group(0 [pid 7083] <... futex resumed>) = ? [pid 7082] <... exit_group resumed>) = ? [pid 7083] +++ exited with 0 +++ [pid 7084] <... futex resumed>) = ? [pid 7084] +++ exited with 0 +++ [pid 7082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7082, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./679", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./679/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./679/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./679/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./679/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./679/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./679/bus") = 0 umount2("./679/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./679/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./679") = 0 mkdir("./680", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7085 attached , child_tidptr=0x5555564f6750) = 7085 [pid 7085] set_robust_list(0x5555564f6760, 24) = 0 [pid 7085] chdir("./680") = 0 [pid 7085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7085] setpgid(0, 0) = 0 [pid 7085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7085] write(3, "1000", 4) = 4 [pid 7085] close(3) = 0 [pid 7085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7085] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7086]}, 88) = 7086 [pid 7085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7086 attached [pid 7086] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7086] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7086] memfd_create("syzkaller", 0) = 3 [pid 7086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7086] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7086] close(3) = 0 [pid 7086] mkdir("./bus", 0777) = 0 [pid 7086] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7086] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7086] chdir("./bus") = 0 [pid 7086] ioctl(4, LOOP_CLR_FD) = 0 [pid 7086] close(4) = 0 [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7085] <... futex resumed>) = 0 [pid 7086] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7086] memfd_create("syzkaller", 0) = 4 [pid 7086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7086] munmap(0x7f6d360cf000, 32768) = 0 [pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7086] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7086] ioctl(5, LOOP_CLR_FD) = 0 [pid 7086] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7086] close(5) = 0 [pid 7086] close(4) = 0 [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = 1 [pid 7085] <... futex resumed>) = 0 [pid 7086] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... openat resumed>) = 4 [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... futex resumed>) = 0 [pid 7086] <... futex resumed>) = 1 [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7085] <... futex resumed>) = 0 [pid 7086] <... write resumed>) = 12288 [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... futex resumed>) = 1 [pid 7086] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... futex resumed>) = 1 [pid 7086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7086] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... futex resumed>) = 0 [pid 7085] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = 1 [pid 7085] <... futex resumed>) = 0 [pid 7086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7086] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7086] <... openat resumed>) = 6 [pid 7085] <... mmap resumed>) = 0x7f6d360b6000 [pid 7085] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7086] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7086] <... futex resumed>) = 0 [pid 7085] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7086] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7087 attached [pid 7087] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7085] <... clone3 resumed> => {parent_tid=[7087]}, 88) = 7087 [pid 7087] <... rseq resumed>) = 0 [pid 7085] rt_sigprocmask(SIG_SETMASK, [], [pid 7087] set_robust_list(0x7f6d360d69a0, 24 [pid 7085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7087] <... set_robust_list resumed>) = 0 [pid 7085] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7085] <... futex resumed>) = 0 [pid 7087] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7085] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7087] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... futex resumed>) = 0 [pid 7085] exit_group(0 [pid 7087] <... futex resumed>) = ? [pid 7085] <... exit_group resumed>) = ? [pid 7087] +++ exited with 0 +++ [pid 7086] <... futex resumed>) = ? [pid 7086] +++ exited with 0 +++ [pid 7085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7085, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./680", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 168.496940][ T7086] loop0: detected capacity change from 0 to 64 umount2("./680/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./680/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./680/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./680/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./680/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./680/bus") = 0 umount2("./680/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./680/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./680") = 0 mkdir("./681", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7088 attached , child_tidptr=0x5555564f6750) = 7088 [pid 7088] set_robust_list(0x5555564f6760, 24) = 0 [pid 7088] chdir("./681") = 0 [pid 7088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7088] setpgid(0, 0) = 0 [pid 7088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7088] write(3, "1000", 4) = 4 [pid 7088] close(3) = 0 [pid 7088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7088] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7088] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7089 attached => {parent_tid=[7089]}, 88) = 7089 [pid 7089] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7088] rt_sigprocmask(SIG_SETMASK, [], [pid 7089] <... rseq resumed>) = 0 [pid 7088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7089] set_robust_list(0x7f6d468e79a0, 24 [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... set_robust_list resumed>) = 0 [pid 7088] <... futex resumed>) = 0 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7089] memfd_create("syzkaller", 0) = 3 [pid 7089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7089] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7089] close(3) = 0 [pid 7089] mkdir("./bus", 0777) = 0 [pid 7089] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7089] chdir("./bus") = 0 [pid 7089] ioctl(4, LOOP_CLR_FD) = 0 [pid 7089] close(4) = 0 [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7088] <... futex resumed>) = 0 [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = 0 [pid 7088] <... futex resumed>) = 1 [pid 7089] memfd_create("syzkaller", 0) = 4 [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7089] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7089] munmap(0x7f6d360cf000, 32768) = 0 [pid 7089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7089] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7089] ioctl(5, LOOP_CLR_FD) = 0 [pid 7089] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7089] close(5) = 0 [pid 7089] close(4) = 0 [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... futex resumed>) = 0 [pid 7089] <... futex resumed>) = 1 [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7088] <... futex resumed>) = 0 [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] <... openat resumed>) = 4 [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... futex resumed>) = 0 [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = 1 [pid 7088] <... futex resumed>) = 0 [pid 7089] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] <... write resumed>) = 12288 [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7088] <... futex resumed>) = 0 [pid 7089] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7089] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7088] <... futex resumed>) = 0 [pid 7089] <... mmap resumed>) = 0x20000000 [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7088] <... futex resumed>) = 0 [pid 7089] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7088] <... futex resumed>) = 0 [pid 7088] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] <... openat resumed>) = 5 [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7088] <... futex resumed>) = 0 [pid 7088] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7088] <... futex resumed>) = 0 [pid 7088] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7088] <... futex resumed>) = 0 [pid 7088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7089] <... openat resumed>) = 6 [pid 7089] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7088] <... mmap resumed>) = 0x7f6d360b6000 [pid 7088] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7090 attached => {parent_tid=[7090]}, 88) = 7090 [pid 7088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7088] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7088] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7090] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7090] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7090] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7088] <... futex resumed>) = 0 [pid 7090] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7088] exit_group(0 [pid 7090] <... futex resumed>) = ? [pid 7090] +++ exited with 0 +++ [pid 7089] <... futex resumed>) = ? [pid 7089] +++ exited with 0 +++ [pid 7088] <... exit_group resumed>) = ? [pid 7088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7088, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./681", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./681/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 168.585739][ T7089] loop0: detected capacity change from 0 to 64 umount2("./681/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./681/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./681/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./681/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./681/bus") = 0 umount2("./681/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./681/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./681") = 0 mkdir("./682", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7091 ./strace-static-x86_64: Process 7091 attached [pid 7091] set_robust_list(0x5555564f6760, 24) = 0 [pid 7091] chdir("./682") = 0 [pid 7091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7091] setpgid(0, 0) = 0 [pid 7091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7091] write(3, "1000", 4) = 4 [pid 7091] close(3) = 0 [pid 7091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7091] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7092 attached [pid 7092] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7091] <... clone3 resumed> => {parent_tid=[7092]}, 88) = 7092 [pid 7092] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], [pid 7092] rt_sigprocmask(SIG_SETMASK, [], [pid 7091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7092] memfd_create("syzkaller", 0 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7092] <... memfd_create resumed>) = 3 [pid 7092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7092] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7092] close(3) = 0 [pid 7092] mkdir("./bus", 0777) = 0 [pid 7092] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7092] chdir("./bus") = 0 [pid 7092] ioctl(4, LOOP_CLR_FD) = 0 [pid 7092] close(4) = 0 [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7092] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7091] <... futex resumed>) = 0 [pid 7092] memfd_create("syzkaller", 0 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7092] <... memfd_create resumed>) = 4 [pid 7092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7092] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7092] munmap(0x7f6d360cf000, 32768) = 0 [pid 7092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7092] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7092] ioctl(5, LOOP_CLR_FD) = 0 [pid 7092] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7092] close(5) = 0 [pid 7092] close(4) = 0 [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7092] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7092] <... futex resumed>) = 1 [pid 7092] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7092] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7092] <... mmap resumed>) = 0x20000000 [pid 7091] <... futex resumed>) = 0 [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7092] <... futex resumed>) = 0 [pid 7091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7092] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7092] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7092] <... openat resumed>) = 5 [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7091] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7092] <... futex resumed>) = 1 [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7092] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7091] <... clone3 resumed> => {parent_tid=[7093]}, 88) = 7093 [pid 7092] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7091] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7092] <... openat resumed>) = 6 [pid 7091] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7092] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7092] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7093 attached [pid 7093] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7093] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7093] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7093] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... futex resumed>) = 0 [pid 7093] <... futex resumed>) = 1 [pid 7091] exit_group(0) = ? [pid 7092] <... futex resumed>) = ? [pid 7092] +++ exited with 0 +++ [pid 7093] +++ exited with 0 +++ [pid 7091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7091, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./682", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 168.670768][ T7092] loop0: detected capacity change from 0 to 64 umount2("./682/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./682/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./682/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./682/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./682/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./682/bus") = 0 umount2("./682/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./682/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./682") = 0 mkdir("./683", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7094 attached , child_tidptr=0x5555564f6750) = 7094 [pid 7094] set_robust_list(0x5555564f6760, 24) = 0 [pid 7094] chdir("./683") = 0 [pid 7094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7094] setpgid(0, 0) = 0 [pid 7094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7094] write(3, "1000", 4) = 4 [pid 7094] close(3) = 0 [pid 7094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7094] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7094] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7095 attached => {parent_tid=[7095]}, 88) = 7095 [pid 7095] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7094] rt_sigprocmask(SIG_SETMASK, [], [pid 7095] <... rseq resumed>) = 0 [pid 7095] set_robust_list(0x7f6d468e79a0, 24 [pid 7094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7095] <... set_robust_list resumed>) = 0 [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] rt_sigprocmask(SIG_SETMASK, [], [pid 7094] <... futex resumed>) = 0 [pid 7095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7095] memfd_create("syzkaller", 0) = 3 [pid 7095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7095] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7095] close(3) = 0 [pid 7095] mkdir("./bus", 0777) = 0 [pid 7095] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7095] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7095] chdir("./bus") = 0 [pid 7095] ioctl(4, LOOP_CLR_FD) = 0 [pid 7095] close(4) = 0 [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7095] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] <... futex resumed>) = 0 [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] <... futex resumed>) = 0 [pid 7094] <... futex resumed>) = 1 [pid 7095] memfd_create("syzkaller", 0 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7095] <... memfd_create resumed>) = 4 [pid 7095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7095] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7095] munmap(0x7f6d360cf000, 32768) = 0 [pid 7095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7095] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7095] ioctl(5, LOOP_CLR_FD) = 0 [pid 7095] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7095] close(5) = 0 [pid 7095] close(4) = 0 [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7095] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] <... futex resumed>) = 0 [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] <... futex resumed>) = 0 [pid 7094] <... futex resumed>) = 1 [pid 7095] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7095] <... openat resumed>) = 4 [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7095] <... futex resumed>) = 0 [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7094] <... futex resumed>) = 0 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7094] <... futex resumed>) = 0 [pid 7095] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7094] <... futex resumed>) = 0 [pid 7095] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7095] <... mmap resumed>) = 0x20000000 [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7095] <... futex resumed>) = 0 [pid 7095] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7095] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7095] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7094] <... futex resumed>) = 0 [pid 7095] <... openat resumed>) = 5 [pid 7094] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7095] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] <... futex resumed>) = 0 [pid 7094] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7095] <... futex resumed>) = 0 [pid 7094] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7094] <... futex resumed>) = 0 [pid 7095] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7095] <... openat resumed>) = 6 [pid 7094] <... mmap resumed>) = 0x7f6d360b6000 [pid 7095] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7094] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7095] <... futex resumed>) = 0 [pid 7094] <... mprotect resumed>) = 0 [pid 7095] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7096 attached [pid 7096] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7094] <... clone3 resumed> => {parent_tid=[7096]}, 88) = 7096 [pid 7096] <... rseq resumed>) = 0 [pid 7096] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7096] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7094] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7096] <... futex resumed>) = 0 [pid 7094] <... futex resumed>) = 1 [pid 7096] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7094] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7096] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7096] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7094] <... futex resumed>) = 0 [pid 7096] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7094] exit_group(0 [pid 7095] <... futex resumed>) = ? [pid 7094] <... exit_group resumed>) = ? [pid 7096] <... futex resumed>) = ? [pid 7095] +++ exited with 0 +++ [ 168.772786][ T7095] loop0: detected capacity change from 0 to 64 [pid 7096] +++ exited with 0 +++ [pid 7094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7094, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./683", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./683/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./683/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./683/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./683/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./683/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./683/bus") = 0 umount2("./683/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./683/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./683") = 0 mkdir("./684", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7097 attached , child_tidptr=0x5555564f6750) = 7097 [pid 7097] set_robust_list(0x5555564f6760, 24) = 0 [pid 7097] chdir("./684") = 0 [pid 7097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7097] setpgid(0, 0) = 0 [pid 7097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7097] write(3, "1000", 4) = 4 [pid 7097] close(3) = 0 [pid 7097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7097] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7098 attached => {parent_tid=[7098]}, 88) = 7098 [pid 7098] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7097] rt_sigprocmask(SIG_SETMASK, [], [pid 7098] set_robust_list(0x7f6d468e79a0, 24 [pid 7097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7098] <... set_robust_list resumed>) = 0 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], [pid 7097] <... futex resumed>) = 0 [pid 7098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7098] memfd_create("syzkaller", 0) = 3 [pid 7098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7098] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7098] close(3) = 0 [pid 7098] mkdir("./bus", 0777) = 0 [pid 7098] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7098] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7098] chdir("./bus") = 0 [pid 7098] ioctl(4, LOOP_CLR_FD) = 0 [pid 7098] close(4) = 0 [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7098] <... futex resumed>) = 1 [pid 7098] memfd_create("syzkaller", 0) = 4 [pid 7098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7098] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7098] munmap(0x7f6d360cf000, 32768) = 0 [pid 7098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7098] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7098] ioctl(5, LOOP_CLR_FD) = 0 [pid 7098] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7098] close(5) = 0 [pid 7098] close(4) = 0 [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7098] <... futex resumed>) = 1 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7097] <... futex resumed>) = 0 [pid 7098] <... openat resumed>) = 4 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] <... futex resumed>) = 1 [pid 7098] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] <... futex resumed>) = 1 [pid 7098] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7098] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7097] <... futex resumed>) = 0 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] <... futex resumed>) = 0 [pid 7097] <... futex resumed>) = 1 [pid 7098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7098] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7097] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] <... openat resumed>) = 5 [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7098] <... futex resumed>) = 0 [pid 7097] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7097] <... futex resumed>) = 0 [pid 7098] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7097] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] <... openat resumed>) = 6 [pid 7097] <... futex resumed>) = 0 [pid 7098] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7098] <... futex resumed>) = 0 [pid 7097] <... mmap resumed>) = 0x7f6d360b6000 [pid 7098] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7097] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[7099]}, 88) = 7099 ./strace-static-x86_64: Process 7099 attached [pid 7097] rt_sigprocmask(SIG_SETMASK, [], [pid 7099] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7099] <... rseq resumed>) = 0 [pid 7097] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] set_robust_list(0x7f6d360d69a0, 24 [pid 7097] <... futex resumed>) = 0 [pid 7099] <... set_robust_list resumed>) = 0 [pid 7097] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7099] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7099] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7097] <... futex resumed>) = 0 [pid 7099] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7097] exit_group(0 [pid 7099] <... futex resumed>) = ? [pid 7098] <... futex resumed>) = ? [pid 7099] +++ exited with 0 +++ [pid 7098] +++ exited with 0 +++ [pid 7097] <... exit_group resumed>) = ? [pid 7097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7097, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./684", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./684/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./684/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./684/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 168.892520][ T7098] loop0: detected capacity change from 0 to 64 umount2("./684/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./684/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./684/bus") = 0 umount2("./684/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./684/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./684") = 0 mkdir("./685", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7100 attached , child_tidptr=0x5555564f6750) = 7100 [pid 7100] set_robust_list(0x5555564f6760, 24) = 0 [pid 7100] chdir("./685") = 0 [pid 7100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7100] setpgid(0, 0) = 0 [pid 7100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7100] write(3, "1000", 4) = 4 [pid 7100] close(3) = 0 [pid 7100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7100] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7101]}, 88) = 7101 [pid 7100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7101 attached ) = 0 [pid 7101] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7101] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7101] memfd_create("syzkaller", 0) = 3 [pid 7101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7101] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7101] close(3) = 0 [pid 7101] mkdir("./bus", 0777) = 0 [pid 7101] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7101] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7101] chdir("./bus") = 0 [pid 7101] ioctl(4, LOOP_CLR_FD) = 0 [pid 7101] close(4) = 0 [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7101] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] <... futex resumed>) = 0 [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7101] <... futex resumed>) = 0 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7101] memfd_create("syzkaller", 0) = 4 [pid 7101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7101] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7101] munmap(0x7f6d360cf000, 32768) = 0 [pid 7101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7101] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7101] ioctl(5, LOOP_CLR_FD) = 0 [pid 7101] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7101] close(5) = 0 [pid 7101] close(4) = 0 [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = 0 [pid 7101] <... futex resumed>) = 1 [pid 7101] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7100] <... futex resumed>) = 0 [pid 7101] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7101] <... openat resumed>) = 4 [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = 0 [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7101] <... futex resumed>) = 1 [pid 7101] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = 0 [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7101] <... futex resumed>) = 1 [pid 7101] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = 0 [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7101] <... futex resumed>) = 1 [pid 7101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7101] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = 0 [pid 7101] <... futex resumed>) = 1 [pid 7101] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7100] <... futex resumed>) = 0 [pid 7101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7100] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7101] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7100] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7101] <... openat resumed>) = 6 [pid 7100] <... mprotect resumed>) = 0 [pid 7100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7101] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7101] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[7102]}, 88) = 7102 [pid 7100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7100] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7102 attached [pid 7102] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7102] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7102] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7102] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7102] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] <... futex resumed>) = 0 [pid 7100] exit_group(0) = ? [pid 7102] <... futex resumed>) = ? [pid 7102] +++ exited with 0 +++ [pid 7101] <... futex resumed>) = ? [pid 7101] +++ exited with 0 +++ [pid 7100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7100, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./685", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./685/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./685/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./685/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./685/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./685/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 [ 168.996961][ T7101] loop0: detected capacity change from 0 to 64 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./685/bus") = 0 umount2("./685/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./685/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./685") = 0 mkdir("./686", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7103 ./strace-static-x86_64: Process 7103 attached [pid 7103] set_robust_list(0x5555564f6760, 24) = 0 [pid 7103] chdir("./686") = 0 [pid 7103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7103] setpgid(0, 0) = 0 [pid 7103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7103] write(3, "1000", 4) = 4 [pid 7103] close(3) = 0 [pid 7103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7103] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7104 attached [pid 7104] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7103] <... clone3 resumed> => {parent_tid=[7104]}, 88) = 7104 [pid 7104] <... rseq resumed>) = 0 [pid 7104] set_robust_list(0x7f6d468e79a0, 24 [pid 7103] rt_sigprocmask(SIG_SETMASK, [], [pid 7104] <... set_robust_list resumed>) = 0 [pid 7103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7104] rt_sigprocmask(SIG_SETMASK, [], [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7103] <... futex resumed>) = 0 [pid 7104] memfd_create("syzkaller", 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7104] <... memfd_create resumed>) = 3 [pid 7104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7104] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7104] close(3) = 0 [pid 7104] mkdir("./bus", 0777) = 0 [pid 7104] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7104] chdir("./bus") = 0 [pid 7104] ioctl(4, LOOP_CLR_FD) = 0 [pid 7104] close(4) = 0 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7103] <... futex resumed>) = 0 [pid 7104] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7103] <... futex resumed>) = 0 [pid 7104] memfd_create("syzkaller", 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7104] <... memfd_create resumed>) = 4 [pid 7104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7104] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7104] munmap(0x7f6d360cf000, 32768) = 0 [pid 7104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7104] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7104] ioctl(5, LOOP_CLR_FD) = 0 [pid 7104] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7104] close(5) = 0 [pid 7104] close(4) = 0 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... futex resumed>) = 1 [pid 7104] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... futex resumed>) = 1 [pid 7104] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... futex resumed>) = 1 [pid 7104] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... futex resumed>) = 1 [pid 7104] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7104] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7103] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7103] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7104] <... futex resumed>) = 1 [pid 7103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7104] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7104] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 7105 attached [pid 7105] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7105] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7105] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7104] <... openat resumed>) = 6 [pid 7103] <... clone3 resumed> => {parent_tid=[7105]}, 88) = 7105 [pid 7104] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] rt_sigprocmask(SIG_SETMASK, [], [pid 7104] <... futex resumed>) = 0 [pid 7103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7104] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7103] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... futex resumed>) = 0 [pid 7103] <... futex resumed>) = 1 [pid 7105] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7103] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7105] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7105] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7105] <... futex resumed>) = 1 [pid 7105] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7103] exit_group(0 [pid 7105] <... futex resumed>) = ? [pid 7103] <... exit_group resumed>) = ? [pid 7104] <... futex resumed>) = ? [pid 7105] +++ exited with 0 +++ [pid 7104] +++ exited with 0 +++ [pid 7103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7103, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./686", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./686/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 169.093704][ T7104] loop0: detected capacity change from 0 to 64 umount2("./686/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./686/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./686/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./686/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./686/bus") = 0 umount2("./686/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./686/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./686") = 0 mkdir("./687", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7106 attached [pid 7106] set_robust_list(0x5555564f6760, 24) = 0 [pid 7106] chdir("./687") = 0 [pid 7106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7106] setpgid(0, 0) = 0 [pid 7106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7106 [pid 7106] write(3, "1000", 4) = 4 [pid 7106] close(3) = 0 [pid 7106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7106] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7106] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7107 attached [pid 7107] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7106] <... clone3 resumed> => {parent_tid=[7107]}, 88) = 7107 [pid 7107] <... rseq resumed>) = 0 [pid 7106] rt_sigprocmask(SIG_SETMASK, [], [pid 7107] set_robust_list(0x7f6d468e79a0, 24 [pid 7106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7107] <... set_robust_list resumed>) = 0 [pid 7107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = 0 [pid 7106] <... futex resumed>) = 1 [pid 7107] memfd_create("syzkaller", 0 [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7107] <... memfd_create resumed>) = 3 [pid 7107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7107] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7107] close(3) = 0 [pid 7107] mkdir("./bus", 0777) = 0 [pid 7107] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7107] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7107] chdir("./bus") = 0 [pid 7107] ioctl(4, LOOP_CLR_FD) = 0 [pid 7107] close(4) = 0 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7106] <... futex resumed>) = 0 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7107] memfd_create("syzkaller", 0 [pid 7106] <... futex resumed>) = 0 [pid 7107] <... memfd_create resumed>) = 4 [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7107] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7107] munmap(0x7f6d360cf000, 32768) = 0 [pid 7107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7107] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7107] ioctl(5, LOOP_CLR_FD) = 0 [pid 7107] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7107] close(5) = 0 [pid 7107] close(4) = 0 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7106] <... futex resumed>) = 0 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] <... futex resumed>) = 0 [pid 7107] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7107] <... openat resumed>) = 4 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7106] <... futex resumed>) = 0 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] <... futex resumed>) = 0 [pid 7107] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7107] <... write resumed>) = 12288 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] <... futex resumed>) = 0 [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = 0 [pid 7106] <... futex resumed>) = 1 [pid 7107] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7107] <... mmap resumed>) = 0x20000000 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7106] <... futex resumed>) = 0 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] <... futex resumed>) = 0 [pid 7107] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7106] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7107] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] <... futex resumed>) = 0 [pid 7106] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7106] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7107] <... futex resumed>) = 1 [pid 7107] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7107] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7106] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7107] <... openat resumed>) = 6 [pid 7106] <... mprotect resumed>) = 0 [pid 7106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7108 attached [pid 7108] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7107] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] <... rseq resumed>) = 0 [pid 7107] <... futex resumed>) = 0 [pid 7106] <... clone3 resumed> => {parent_tid=[7108]}, 88) = 7108 [pid 7108] set_robust_list(0x7f6d360d69a0, 24 [pid 7107] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] rt_sigprocmask(SIG_SETMASK, [], [pid 7108] <... set_robust_list resumed>) = 0 [pid 7106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], [pid 7106] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7106] <... futex resumed>) = 0 [pid 7108] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7106] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7108] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7108] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] <... futex resumed>) = 0 [pid 7106] exit_group(0) = ? [pid 7107] <... futex resumed>) = ? [pid 7107] +++ exited with 0 +++ [pid 7108] <... futex resumed>) = ? [pid 7108] +++ exited with 0 +++ [pid 7106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7106, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./687", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./687/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 169.182453][ T7107] loop0: detected capacity change from 0 to 64 umount2("./687/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./687/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./687/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./687/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./687/bus") = 0 umount2("./687/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./687/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./687") = 0 mkdir("./688", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7109 ./strace-static-x86_64: Process 7109 attached [pid 7109] set_robust_list(0x5555564f6760, 24) = 0 [pid 7109] chdir("./688") = 0 [pid 7109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7109] setpgid(0, 0) = 0 [pid 7109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7109] write(3, "1000", 4) = 4 [pid 7109] close(3) = 0 [pid 7109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7109] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7110 attached => {parent_tid=[7110]}, 88) = 7110 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7110] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7110] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7110] memfd_create("syzkaller", 0) = 3 [pid 7110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7110] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7110] close(3) = 0 [pid 7110] mkdir("./bus", 0777) = 0 [pid 7110] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7110] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7110] chdir("./bus") = 0 [pid 7110] ioctl(4, LOOP_CLR_FD) = 0 [pid 7110] close(4) = 0 [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7110] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7109] <... futex resumed>) = 0 [pid 7110] memfd_create("syzkaller", 0 [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7110] <... memfd_create resumed>) = 4 [pid 7110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7110] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7110] munmap(0x7f6d360cf000, 32768) = 0 [pid 7110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7110] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7110] ioctl(5, LOOP_CLR_FD) = 0 [pid 7110] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7110] close(5) = 0 [pid 7110] close(4) = 0 [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7110] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7109] <... futex resumed>) = 0 [pid 7110] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] <... openat resumed>) = 4 [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] <... futex resumed>) = 1 [pid 7110] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7110] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7109] <... futex resumed>) = 0 [pid 7110] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] <... mmap resumed>) = 0x20000000 [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7110] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = 0 [pid 7109] <... futex resumed>) = 1 [pid 7110] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7109] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7110] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7109] <... futex resumed>) = 0 [pid 7110] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7109] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7110] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7110] <... openat resumed>) = 6 [pid 7109] <... mmap resumed>) = 0x7f6d360b6000 [pid 7109] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7110] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... mprotect resumed>) = 0 [pid 7109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7110] <... futex resumed>) = 0 [pid 7110] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7111 attached [pid 7111] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7109] <... clone3 resumed> => {parent_tid=[7111]}, 88) = 7111 [pid 7111] <... rseq resumed>) = 0 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], [pid 7111] set_robust_list(0x7f6d360d69a0, 24 [pid 7109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7111] <... set_robust_list resumed>) = 0 [pid 7109] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] rt_sigprocmask(SIG_SETMASK, [], [pid 7109] <... futex resumed>) = 0 [pid 7111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7111] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7109] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7111] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = 0 [pid 7111] <... futex resumed>) = 1 [pid 7109] exit_group(0) = ? [ 169.277115][ T7110] loop0: detected capacity change from 0 to 64 [pid 7111] +++ exited with 0 +++ [pid 7110] <... futex resumed>) = ? [pid 7110] +++ exited with 0 +++ [pid 7109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7109, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./688", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./688/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./688/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./688/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./688/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./688/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./688/bus") = 0 umount2("./688/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./688/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./688") = 0 mkdir("./689", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7112 ./strace-static-x86_64: Process 7112 attached [pid 7112] set_robust_list(0x5555564f6760, 24) = 0 [pid 7112] chdir("./689") = 0 [pid 7112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7112] setpgid(0, 0) = 0 [pid 7112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7112] write(3, "1000", 4) = 4 [pid 7112] close(3) = 0 [pid 7112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7112] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7113 attached [pid 7113] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7112] <... clone3 resumed> => {parent_tid=[7113]}, 88) = 7113 [pid 7112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7113] <... rseq resumed>) = 0 [pid 7113] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7113] memfd_create("syzkaller", 0) = 3 [pid 7113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7113] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7113] close(3) = 0 [pid 7113] mkdir("./bus", 0777) = 0 [pid 7113] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7113] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7113] chdir("./bus") = 0 [pid 7113] ioctl(4, LOOP_CLR_FD) = 0 [pid 7113] close(4) = 0 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7112] <... futex resumed>) = 0 [pid 7113] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7113] <... futex resumed>) = 0 [pid 7112] <... futex resumed>) = 1 [pid 7113] memfd_create("syzkaller", 0) = 4 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7113] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7113] munmap(0x7f6d360cf000, 32768) = 0 [pid 7113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7113] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7113] ioctl(5, LOOP_CLR_FD) = 0 [pid 7113] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7113] close(5) = 0 [pid 7113] close(4) = 0 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7113] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7112] <... futex resumed>) = 0 [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7113] <... futex resumed>) = 0 [pid 7112] <... futex resumed>) = 1 [pid 7113] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7113] <... openat resumed>) = 4 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7112] <... futex resumed>) = 0 [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7113] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7112] <... futex resumed>) = 0 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7113] <... write resumed>) = 12288 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... futex resumed>) = 0 [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7113] <... futex resumed>) = 1 [pid 7113] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... futex resumed>) = 0 [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7113] <... futex resumed>) = 1 [pid 7113] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7113] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... futex resumed>) = 0 [pid 7112] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7113] <... futex resumed>) = 1 [pid 7112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7113] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7112] <... mmap resumed>) = 0x7f6d360b6000 [pid 7113] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7112] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7112] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7113] <... openat resumed>) = 6 [pid 7112] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7113] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7113] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7114 attached [pid 7114] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7112] <... clone3 resumed> => {parent_tid=[7114]}, 88) = 7114 [pid 7114] <... rseq resumed>) = 0 [pid 7112] rt_sigprocmask(SIG_SETMASK, [], [pid 7114] set_robust_list(0x7f6d360d69a0, 24 [pid 7112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7114] <... set_robust_list resumed>) = 0 [pid 7112] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7114] rt_sigprocmask(SIG_SETMASK, [], [pid 7112] <... futex resumed>) = 0 [pid 7114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7112] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7114] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7114] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7114] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7112] <... futex resumed>) = 0 [pid 7112] exit_group(0) = ? [pid 7114] <... futex resumed>) = ? [pid 7114] +++ exited with 0 +++ [pid 7113] <... futex resumed>) = ? [pid 7113] +++ exited with 0 +++ [pid 7112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7112, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./689", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./689/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./689/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./689/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./689/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./689/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./689/bus") = 0 umount2("./689/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./689/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./689") = 0 [ 169.378923][ T7113] loop0: detected capacity change from 0 to 64 mkdir("./690", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7115 attached , child_tidptr=0x5555564f6750) = 7115 [pid 7115] set_robust_list(0x5555564f6760, 24) = 0 [pid 7115] chdir("./690") = 0 [pid 7115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7115] setpgid(0, 0) = 0 [pid 7115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7115] write(3, "1000", 4) = 4 [pid 7115] close(3) = 0 [pid 7115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7115] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7115] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7116 attached [pid 7116] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7115] <... clone3 resumed> => {parent_tid=[7116]}, 88) = 7116 [pid 7116] <... rseq resumed>) = 0 [pid 7116] set_robust_list(0x7f6d468e79a0, 24 [pid 7115] rt_sigprocmask(SIG_SETMASK, [], [pid 7116] <... set_robust_list resumed>) = 0 [pid 7115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7116] rt_sigprocmask(SIG_SETMASK, [], [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7115] <... futex resumed>) = 0 [pid 7116] memfd_create("syzkaller", 0 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7116] <... memfd_create resumed>) = 3 [pid 7116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7116] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7116] close(3) = 0 [pid 7116] mkdir("./bus", 0777) = 0 [pid 7116] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7116] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7116] chdir("./bus") = 0 [pid 7116] ioctl(4, LOOP_CLR_FD) = 0 [pid 7116] close(4) = 0 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = 0 [pid 7116] <... futex resumed>) = 1 [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] memfd_create("syzkaller", 0 [pid 7115] <... futex resumed>) = 0 [pid 7116] <... memfd_create resumed>) = 4 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7116] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7116] munmap(0x7f6d360cf000, 32768) = 0 [pid 7116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7116] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7116] ioctl(5, LOOP_CLR_FD) = 0 [pid 7116] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7116] close(5) = 0 [pid 7116] close(4) = 0 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = 0 [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7116] <... futex resumed>) = 1 [pid 7116] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7115] <... futex resumed>) = 0 [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7116] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = 0 [pid 7116] <... futex resumed>) = 1 [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7116] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = 0 [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7115] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7116] <... futex resumed>) = 1 [pid 7116] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7116] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7115] <... futex resumed>) = 0 [pid 7116] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7115] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7115] <... futex resumed>) = 0 [pid 7116] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7115] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7115] <... futex resumed>) = 0 [pid 7116] <... openat resumed>) = 6 [pid 7115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7116] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... mmap resumed>) = 0x7f6d360b6000 [pid 7116] <... futex resumed>) = 0 [pid 7115] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7116] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7115] <... mprotect resumed>) = 0 [pid 7115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7117 attached [pid 7117] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7117] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7115] <... clone3 resumed> => {parent_tid=[7117]}, 88) = 7117 [pid 7117] rt_sigprocmask(SIG_SETMASK, [], [pid 7115] rt_sigprocmask(SIG_SETMASK, [], [pid 7117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7117] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7115] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7115] <... futex resumed>) = 0 [pid 7117] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7115] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7117] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7117] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7115] <... futex resumed>) = 0 [pid 7115] exit_group(0 [pid 7117] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 7116] <... futex resumed>) = ? [pid 7115] <... exit_group resumed>) = ? [pid 7117] +++ exited with 0 +++ [pid 7116] +++ exited with 0 +++ [pid 7115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7115, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./690", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 169.449977][ T7116] loop0: detected capacity change from 0 to 64 umount2("./690/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./690/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./690/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./690/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./690/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./690/bus") = 0 umount2("./690/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./690/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./690") = 0 mkdir("./691", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7118 ./strace-static-x86_64: Process 7118 attached [pid 7118] set_robust_list(0x5555564f6760, 24) = 0 [pid 7118] chdir("./691") = 0 [pid 7118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7118] setpgid(0, 0) = 0 [pid 7118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7118] write(3, "1000", 4) = 4 [pid 7118] close(3) = 0 [pid 7118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7118] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7118] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7119]}, 88) = 7119 ./strace-static-x86_64: Process 7119 attached [pid 7119] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7118] rt_sigprocmask(SIG_SETMASK, [], [pid 7119] <... rseq resumed>) = 0 [pid 7119] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7119] rt_sigprocmask(SIG_SETMASK, [], [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7119] memfd_create("syzkaller", 0) = 3 [pid 7119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7119] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7119] close(3) = 0 [pid 7119] mkdir("./bus", 0777) = 0 [pid 7119] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7119] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7119] chdir("./bus") = 0 [pid 7119] ioctl(4, LOOP_CLR_FD) = 0 [pid 7119] close(4) = 0 [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = 0 [pid 7119] <... futex resumed>) = 1 [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] memfd_create("syzkaller", 0 [pid 7118] <... futex resumed>) = 0 [pid 7119] <... memfd_create resumed>) = 4 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7119] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7119] munmap(0x7f6d360cf000, 32768) = 0 [pid 7119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7119] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7119] ioctl(5, LOOP_CLR_FD) = 0 [pid 7119] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7119] close(5) = 0 [pid 7119] close(4) = 0 [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7119] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] <... futex resumed>) = 0 [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... futex resumed>) = 0 [pid 7118] <... futex resumed>) = 1 [pid 7119] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = 0 [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... futex resumed>) = 1 [pid 7119] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = 0 [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... futex resumed>) = 1 [pid 7118] <... futex resumed>) = 0 [pid 7119] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = 0 [pid 7119] <... futex resumed>) = 1 [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7118] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7119] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7118] <... futex resumed>) = 0 [pid 7119] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7118] <... futex resumed>) = 0 [pid 7119] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7118] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7118] <... futex resumed>) = 0 [pid 7118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7119] <... openat resumed>) = 6 [pid 7118] <... mmap resumed>) = 0x7f6d360b6000 [pid 7119] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7119] <... futex resumed>) = 0 [pid 7118] <... mprotect resumed>) = 0 [pid 7119] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7120 attached [pid 7120] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7118] <... clone3 resumed> => {parent_tid=[7120]}, 88) = 7120 [pid 7120] <... rseq resumed>) = 0 [pid 7120] set_robust_list(0x7f6d360d69a0, 24 [pid 7118] rt_sigprocmask(SIG_SETMASK, [], [pid 7120] <... set_robust_list resumed>) = 0 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], [pid 7118] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7118] <... futex resumed>) = 0 [pid 7120] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7118] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7120] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7120] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7118] <... futex resumed>) = 0 [pid 7120] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] exit_group(0) = ? [pid 7120] <... futex resumed>) = ? [pid 7120] +++ exited with 0 +++ [pid 7119] <... futex resumed>) = ? [pid 7119] +++ exited with 0 +++ [pid 7118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7118, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./691", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./691/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 169.555168][ T7119] loop0: detected capacity change from 0 to 64 umount2("./691/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./691/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./691/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./691/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./691/bus") = 0 umount2("./691/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./691/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./691") = 0 mkdir("./692", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7121 attached , child_tidptr=0x5555564f6750) = 7121 [pid 7121] set_robust_list(0x5555564f6760, 24) = 0 [pid 7121] chdir("./692") = 0 [pid 7121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7121] setpgid(0, 0) = 0 [pid 7121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7121] write(3, "1000", 4) = 4 [pid 7121] close(3) = 0 [pid 7121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7121] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7122 attached => {parent_tid=[7122]}, 88) = 7122 [pid 7122] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], [pid 7122] <... rseq resumed>) = 0 [pid 7122] set_robust_list(0x7f6d468e79a0, 24 [pid 7121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7122] <... set_robust_list resumed>) = 0 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] rt_sigprocmask(SIG_SETMASK, [], [pid 7121] <... futex resumed>) = 0 [pid 7122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7122] memfd_create("syzkaller", 0) = 3 [pid 7122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7122] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7122] close(3) = 0 [pid 7122] mkdir("./bus", 0777) = 0 [pid 7122] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7122] chdir("./bus") = 0 [pid 7122] ioctl(4, LOOP_CLR_FD) = 0 [pid 7122] close(4) = 0 [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7122] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] <... futex resumed>) = 0 [pid 7121] <... futex resumed>) = 1 [pid 7122] memfd_create("syzkaller", 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7122] <... memfd_create resumed>) = 4 [pid 7122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7122] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7122] munmap(0x7f6d360cf000, 32768) = 0 [pid 7122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7122] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7122] ioctl(5, LOOP_CLR_FD) = 0 [pid 7122] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7122] close(5) = 0 [pid 7122] close(4) = 0 [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7121] <... futex resumed>) = 0 [pid 7122] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] <... openat resumed>) = 4 [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] <... futex resumed>) = 1 [pid 7122] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] <... futex resumed>) = 1 [pid 7122] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7122] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7121] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7121] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7121] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7122] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 7121] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7123 attached [pid 7123] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7122] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... clone3 resumed> => {parent_tid=[7123]}, 88) = 7123 [pid 7123] <... rseq resumed>) = 0 [pid 7122] <... futex resumed>) = 0 [pid 7123] set_robust_list(0x7f6d360d69a0, 24 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], [pid 7123] <... set_robust_list resumed>) = 0 [pid 7122] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7123] rt_sigprocmask(SIG_SETMASK, [], [pid 7121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7121] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7123] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7121] <... futex resumed>) = 0 [pid 7123] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7121] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7123] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7121] <... futex resumed>) = 0 [pid 7123] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7121] exit_group(0 [pid 7123] <... futex resumed>) = ? [pid 7122] <... futex resumed>) = ? [pid 7121] <... exit_group resumed>) = ? [pid 7122] +++ exited with 0 +++ [pid 7123] +++ exited with 0 +++ [pid 7121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7121, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./692", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 169.649257][ T7122] loop0: detected capacity change from 0 to 64 umount2("./692/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./692/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./692/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./692/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./692/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./692/bus") = 0 umount2("./692/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./692/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./692") = 0 mkdir("./693", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7124 attached , child_tidptr=0x5555564f6750) = 7124 [pid 7124] set_robust_list(0x5555564f6760, 24) = 0 [pid 7124] chdir("./693") = 0 [pid 7124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7124] setpgid(0, 0) = 0 [pid 7124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7124] write(3, "1000", 4) = 4 [pid 7124] close(3) = 0 [pid 7124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7124] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7124] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7125]}, 88) = 7125 ./strace-static-x86_64: Process 7125 attached [pid 7125] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7125] <... rseq resumed>) = 0 [pid 7125] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7125] memfd_create("syzkaller", 0) = 3 [pid 7125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7125] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7125] close(3) = 0 [pid 7125] mkdir("./bus", 0777) = 0 [pid 7125] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7125] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7125] chdir("./bus") = 0 [pid 7125] ioctl(4, LOOP_CLR_FD) = 0 [pid 7125] close(4) = 0 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] <... futex resumed>) = 0 [pid 7125] memfd_create("syzkaller", 0 [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] <... memfd_create resumed>) = 4 [pid 7124] <... futex resumed>) = 0 [pid 7125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7125] <... mmap resumed>) = 0x7f6d360cf000 [pid 7125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7125] munmap(0x7f6d360cf000, 32768) = 0 [pid 7125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7125] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7125] ioctl(5, LOOP_CLR_FD) = 0 [pid 7125] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7125] close(5) = 0 [pid 7125] close(4) = 0 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] <... futex resumed>) = 0 [pid 7125] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7125] <... openat resumed>) = 4 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = 0 [pid 7125] <... futex resumed>) = 1 [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7124] <... futex resumed>) = 0 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7125] <... write resumed>) = 12288 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = 0 [pid 7125] <... futex resumed>) = 1 [pid 7125] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7125] <... mmap resumed>) = 0x20000000 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = 0 [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] <... futex resumed>) = 1 [pid 7124] <... futex resumed>) = 0 [pid 7124] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7125] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7125] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] <... futex resumed>) = 0 [pid 7125] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7124] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7124] <... futex resumed>) = 0 [pid 7125] <... openat resumed>) = 6 [pid 7124] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... futex resumed>) = 0 [pid 7125] <... futex resumed>) = 0 [pid 7124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7125] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7124] <... mmap resumed>) = 0x7f6d360b6000 [pid 7124] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7126 attached => {parent_tid=[7126]}, 88) = 7126 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7124] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7124] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7126] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7126] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7126] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7126] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] <... futex resumed>) = 0 [pid 7126] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7124] exit_group(0 [pid 7126] <... futex resumed>) = ? [pid 7125] <... futex resumed>) = ? [pid 7124] <... exit_group resumed>) = ? [pid 7126] +++ exited with 0 +++ [pid 7125] +++ exited with 0 +++ [pid 7124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7124, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./693", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 169.766170][ T7125] loop0: detected capacity change from 0 to 64 umount2("./693/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./693/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./693/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./693/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./693/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./693/bus") = 0 umount2("./693/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./693/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./693") = 0 mkdir("./694", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7127 attached , child_tidptr=0x5555564f6750) = 7127 [pid 7127] set_robust_list(0x5555564f6760, 24) = 0 [pid 7127] chdir("./694") = 0 [pid 7127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7127] setpgid(0, 0) = 0 [pid 7127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7127] write(3, "1000", 4) = 4 [pid 7127] close(3) = 0 [pid 7127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7127] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7127] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7128 attached => {parent_tid=[7128]}, 88) = 7128 [pid 7127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7128] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7128] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7128] memfd_create("syzkaller", 0) = 3 [pid 7128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7128] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7128] close(3) = 0 [pid 7128] mkdir("./bus", 0777) = 0 [pid 7128] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7128] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7128] chdir("./bus") = 0 [pid 7128] ioctl(4, LOOP_CLR_FD) = 0 [pid 7128] close(4) = 0 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7127] <... futex resumed>) = 0 [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7128] memfd_create("syzkaller", 0) = 4 [pid 7128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7128] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7128] munmap(0x7f6d360cf000, 32768) = 0 [pid 7128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7128] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7128] ioctl(5, LOOP_CLR_FD) = 0 [pid 7128] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7128] close(5) = 0 [pid 7128] close(4) = 0 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7127] <... futex resumed>) = 0 [pid 7128] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7128] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7127] <... futex resumed>) = 0 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... openat resumed>) = 4 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7127] <... futex resumed>) = 0 [pid 7128] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... futex resumed>) = 0 [pid 7127] <... futex resumed>) = 1 [pid 7128] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... write resumed>) = 12288 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7127] <... futex resumed>) = 0 [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 7127] <... futex resumed>) = 0 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... mmap resumed>) = 0x20000000 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] <... futex resumed>) = 0 [pid 7128] <... futex resumed>) = 1 [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7127] <... futex resumed>) = 0 [pid 7128] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000 [pid 7127] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... openat resumed>) = 5 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] <... futex resumed>) = 0 [pid 7127] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... futex resumed>) = 1 [pid 7127] <... futex resumed>) = 0 [pid 7128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7127] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7127] <... futex resumed>) = 0 [pid 7128] <... openat resumed>) = 6 [pid 7127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7128] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7128] <... futex resumed>) = 0 [pid 7127] <... mprotect resumed>) = 0 [pid 7128] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7129 attached => {parent_tid=[7129]}, 88) = 7129 [pid 7129] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7127] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7127] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7129] <... rseq resumed>) = 0 [pid 7129] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7129] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7129] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7127] <... futex resumed>) = 0 [pid 7129] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7127] exit_group(0 [pid 7129] <... futex resumed>) = ? [pid 7128] <... futex resumed>) = ? [pid 7129] +++ exited with 0 +++ [pid 7128] +++ exited with 0 +++ [pid 7127] <... exit_group resumed>) = ? [pid 7127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7127, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./694", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 169.859670][ T7128] loop0: detected capacity change from 0 to 64 umount2("./694/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./694/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./694/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./694/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./694/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./694/bus") = 0 umount2("./694/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./694/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./694") = 0 mkdir("./695", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7130 attached [pid 7130] set_robust_list(0x5555564f6760, 24 [pid 5037] <... clone resumed>, child_tidptr=0x5555564f6750) = 7130 [pid 7130] <... set_robust_list resumed>) = 0 [pid 7130] chdir("./695") = 0 [pid 7130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7130] setpgid(0, 0) = 0 [pid 7130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7130] write(3, "1000", 4) = 4 [pid 7130] close(3) = 0 [pid 7130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7130] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7130] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7130] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7131]}, 88) = 7131 [pid 7130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7131 attached [pid 7131] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7131] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7131] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] <... futex resumed>) = 0 [pid 7130] <... futex resumed>) = 1 [pid 7131] memfd_create("syzkaller", 0) = 3 [pid 7131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7131] <... mmap resumed>) = 0x7f6d3e4c7000 [pid 7131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7131] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7131] close(3) = 0 [pid 7131] mkdir("./bus", 0777) = 0 [pid 7131] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7131] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7131] chdir("./bus") = 0 [pid 7131] ioctl(4, LOOP_CLR_FD) = 0 [pid 7131] close(4) = 0 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7130] <... futex resumed>) = 0 [pid 7131] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] <... futex resumed>) = 0 [pid 7130] <... futex resumed>) = 1 [pid 7131] memfd_create("syzkaller", 0) = 4 [pid 7131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7131] <... mmap resumed>) = 0x7f6d360cf000 [pid 7131] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7131] munmap(0x7f6d360cf000, 32768) = 0 [pid 7131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7131] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7131] ioctl(5, LOOP_CLR_FD) = 0 [pid 7131] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7131] close(5) = 0 [pid 7131] close(4) = 0 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7131] <... openat resumed>) = 4 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7131] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7131] <... futex resumed>) = 0 [pid 7131] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7131] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7131] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7131] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7130] <... futex resumed>) = 0 [pid 7131] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7131] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = 0 [pid 7131] <... futex resumed>) = 1 [pid 7130] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7130] <... futex resumed>) = 0 [pid 7131] <... openat resumed>) = 6 [pid 7130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7131] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7130] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7131] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7130] <... mprotect resumed>) = 0 [pid 7130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} => {parent_tid=[7132]}, 88) = 7132 ./strace-static-x86_64: Process 7132 attached [pid 7132] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053 [pid 7130] rt_sigprocmask(SIG_SETMASK, [], [pid 7132] <... rseq resumed>) = 0 [pid 7132] set_robust_list(0x7f6d360d69a0, 24 [pid 7130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7132] <... set_robust_list resumed>) = 0 [pid 7132] rt_sigprocmask(SIG_SETMASK, [], [pid 7130] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7130] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7132] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 169.946696][ T7131] loop0: detected capacity change from 0 to 64 [pid 7132] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651) = -1 ENOSPC (No space left on device) [pid 7132] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7130] <... futex resumed>) = 0 [pid 7130] exit_group(0 [pid 7131] <... futex resumed>) = ? [pid 7131] +++ exited with 0 +++ [pid 7132] <... futex resumed>) = ? [pid 7132] +++ exited with 0 +++ [pid 7130] <... exit_group resumed>) = ? [pid 7130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7130, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./695", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./695/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./695/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./695/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./695/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./695/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./695/bus") = 0 umount2("./695/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./695/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./695") = 0 mkdir("./696", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7133 ./strace-static-x86_64: Process 7133 attached [pid 7133] set_robust_list(0x5555564f6760, 24) = 0 [pid 7133] chdir("./696") = 0 [pid 7133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7133] setpgid(0, 0) = 0 [pid 7133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7133] write(3, "1000", 4) = 4 [pid 7133] close(3) = 0 [pid 7133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7133] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7133] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7134 attached [pid 7134] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7133] <... clone3 resumed> => {parent_tid=[7134]}, 88) = 7134 [pid 7134] <... rseq resumed>) = 0 [pid 7133] rt_sigprocmask(SIG_SETMASK, [], [pid 7134] set_robust_list(0x7f6d468e79a0, 24 [pid 7133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7134] <... set_robust_list resumed>) = 0 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] rt_sigprocmask(SIG_SETMASK, [], [pid 7133] <... futex resumed>) = 0 [pid 7134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7134] memfd_create("syzkaller", 0) = 3 [pid 7134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7134] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7134] close(3) = 0 [pid 7134] mkdir("./bus", 0777) = 0 [pid 7134] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7134] chdir("./bus") = 0 [pid 7134] ioctl(4, LOOP_CLR_FD) = 0 [pid 7134] close(4) = 0 [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7134] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7134] <... futex resumed>) = 0 [pid 7134] memfd_create("syzkaller", 0) = 4 [pid 7134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7134] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7134] munmap(0x7f6d360cf000, 32768) = 0 [pid 7134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7134] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7134] ioctl(5, LOOP_CLR_FD) = 0 [pid 7134] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7134] close(5) = 0 [pid 7134] close(4) = 0 [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7133] <... futex resumed>) = 0 [pid 7134] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] <... openat resumed>) = 4 [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] <... futex resumed>) = 1 [pid 7134] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] <... futex resumed>) = 1 [pid 7133] <... futex resumed>) = 0 [pid 7134] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7133] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] <... futex resumed>) = 1 [pid 7134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7134] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... futex resumed>) = 0 [pid 7133] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7133] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7134] <... futex resumed>) = 1 [pid 7133] <... mmap resumed>) = 0x7f6d360b6000 [pid 7134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7133] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE [pid 7134] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7133] <... mprotect resumed>) = 0 [pid 7134] <... openat resumed>) = 6 [pid 7134] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7134] <... futex resumed>) = 0 [pid 7133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0} [pid 7134] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7135 attached [pid 7135] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7135] set_robust_list(0x7f6d360d69a0, 24) = 0 [pid 7135] rt_sigprocmask(SIG_SETMASK, [], [pid 7133] <... clone3 resumed> => {parent_tid=[7135]}, 88) = 7135 [pid 7135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7135] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7133] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] <... futex resumed>) = 0 [pid 7133] <... futex resumed>) = 1 [pid 7135] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7133] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7135] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7135] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7133] <... futex resumed>) = 0 [pid 7135] futex(0x7f6d469b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7133] exit_group(0 [pid 7134] <... futex resumed>) = ? [pid 7133] <... exit_group resumed>) = ? [pid 7135] <... futex resumed>) = ? [pid 7134] +++ exited with 0 +++ [pid 7135] +++ exited with 0 +++ [pid 7133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7133, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./696", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 170.059408][ T7134] loop0: detected capacity change from 0 to 64 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 umount2("./696/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./696/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./696/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./696/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./696/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./696/bus") = 0 umount2("./696/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./696/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./696") = 0 mkdir("./697", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564f6750) = 7136 ./strace-static-x86_64: Process 7136 attached [pid 7136] set_robust_list(0x5555564f6760, 24) = 0 [pid 7136] chdir("./697") = 0 [pid 7136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7136] setpgid(0, 0) = 0 [pid 7136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7136] write(3, "1000", 4) = 4 [pid 7136] close(3) = 0 [pid 7136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7136] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0}./strace-static-x86_64: Process 7137 attached [pid 7137] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053 [pid 7136] <... clone3 resumed> => {parent_tid=[7137]}, 88) = 7137 [pid 7137] <... rseq resumed>) = 0 [pid 7136] rt_sigprocmask(SIG_SETMASK, [], [pid 7137] set_robust_list(0x7f6d468e79a0, 24 [pid 7136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7137] <... set_robust_list resumed>) = 0 [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] rt_sigprocmask(SIG_SETMASK, [], [pid 7136] <... futex resumed>) = 0 [pid 7137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7137] memfd_create("syzkaller", 0) = 3 [pid 7137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7137] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7137] close(3) = 0 [pid 7137] mkdir("./bus", 0777) = 0 [pid 7137] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7137] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7137] chdir("./bus") = 0 [pid 7137] ioctl(4, LOOP_CLR_FD) = 0 [pid 7137] close(4) = 0 [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] <... futex resumed>) = 0 [pid 7137] memfd_create("syzkaller", 0) = 4 [pid 7137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7137] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7136] <... futex resumed>) = 1 [pid 7137] munmap(0x7f6d360cf000, 32768 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7137] <... munmap resumed>) = 0 [pid 7137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7137] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7137] ioctl(5, LOOP_CLR_FD) = 0 [pid 7137] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7137] close(5) = 0 [pid 7137] close(4) = 0 [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7136] <... futex resumed>) = 0 [pid 7137] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7137] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7137] <... openat resumed>) = 4 [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] <... futex resumed>) = 1 [pid 7136] <... futex resumed>) = 0 [pid 7137] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7137] <... write resumed>) = 12288 [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7137] <... futex resumed>) = 1 [pid 7137] mmap(0x20000000, 11755520, PROT_READ|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7137] <... futex resumed>) = 1 [pid 7137] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 7137] openat(AT_FDCWD, "\xa8\x3b\xfa\x90\xfa\x02\xcd\xfd\xf7\x27\x9b\xe7\x64\x41\x5e\x3f\x70\xa9\xce\xd9\x1e\x65\xf6\xa2\xcb\x40\xf9\x73\xe2\x03\xb8\x92\xc9\x65\x63\x18\xb6\x96\x43\x93\x9c\x7a\xc3\x47\x94\xcf\x45\x10\xef\xd7\xba\x79\x39\x58\x96\xea\xf1\x6a\x5f\x4c\x5a\xe7\xcb\x7e", O_RDONLY|O_CREAT|O_EXCL|0x30, 000) = 5 [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... futex resumed>) = 0 [pid 7136] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] <... futex resumed>) = 1 [pid 7136] <... futex resumed>) = 0 [pid 7137] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 7136] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] openat(AT_FDCWD, "t", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d360b6000 [pid 7136] mprotect(0x7f6d360b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7137] <... openat resumed>) = 6 [pid 7136] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7137] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7137] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d360d6990, parent_tid=0x7f6d360d6990, exit_signal=0, stack=0x7f6d360b6000, stack_size=0x20240, tls=0x7f6d360d66c0}./strace-static-x86_64: Process 7138 attached [pid 7138] rseq(0x7f6d360d6fe0, 0x20, 0, 0x53053053) = 0 [pid 7136] <... clone3 resumed> => {parent_tid=[7138]}, 88) = 7138 [pid 7138] set_robust_list(0x7f6d360d69a0, 24 [pid 7136] rt_sigprocmask(SIG_SETMASK, [], [pid 7138] <... set_robust_list resumed>) = 0 [pid 7136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7138] rt_sigprocmask(SIG_SETMASK, [], [pid 7136] futex(0x7f6d469b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7138] write(4, "\x00\x1a\x40\x69\x3c\xa4\xdc\xd4\x2d\xbf\x2a\xde\xf7\x2a\x0f\xe3\x9f\x3a\x28\xc7\xa1\x74\xdf\xb9\x4c\xf1\x7b\xe8\x48\xec\xbc\x33\xf8\x2e\x4e\x7c\xc4\x8b\x42\xef\x9e\x1d\x89\x38\x2b\x06\xd8\x91\x47\x6a\xae\xdd\x87\xf1\x6d\x04\x73\x8c\x8f\x61\x1f\x86\x34\x25\xd2\x8b\xb0\x53\xaa\x8f\xa2\x78\x1f\xe4\x6c\x2a\x76\x4c\x23\x55\xec\x33\x83\xad\x00\x65\x71\x68\x4a\x27\x58\x06\xa3\x69\x36\x60\x13\x1b\xd4\xce"..., 34136651 [pid 7136] <... futex resumed>) = 0 [pid 7138] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 7136] futex(0x7f6d469b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] futex(0x7f6d469b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... futex resumed>) = 0 [pid 7136] exit_group(0) = ? [pid 7137] <... futex resumed>) = ? [pid 7138] <... futex resumed>) = ? [pid 7137] +++ exited with 0 +++ [pid 7138] +++ exited with 0 +++ [pid 7136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7136, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./697", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555564f77f0 /* 4 entries */, 32768) = 104 [ 170.174882][ T7137] loop0: detected capacity change from 0 to 64 umount2("./697/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./697/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./697/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./697/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./697/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555564ff830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555564ff830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./697/bus") = 0 umount2("./697/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./697/binderfs") = 0 getdents64(3, 0x5555564f77f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./697") = 0 mkdir("./698", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7139 attached , child_tidptr=0x5555564f6750) = 7139 [pid 7139] set_robust_list(0x5555564f6760, 24) = 0 [pid 7139] chdir("./698") = 0 [pid 7139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7139] setpgid(0, 0) = 0 [pid 7139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7139] write(3, "1000", 4) = 4 [pid 7139] close(3) = 0 [pid 7139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7139] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] rt_sigaction(SIGRT_1, {sa_handler=0x7f6d46951950, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6d468fae10}, NULL, 8) = 0 [pid 7139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6d468c7000 [pid 7139] mprotect(0x7f6d468c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6d468e7990, parent_tid=0x7f6d468e7990, exit_signal=0, stack=0x7f6d468c7000, stack_size=0x20240, tls=0x7f6d468e76c0} => {parent_tid=[7140]}, 88) = 7140 [pid 7139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7139] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7140 attached [pid 7140] rseq(0x7f6d468e7fe0, 0x20, 0, 0x53053053) = 0 [pid 7140] set_robust_list(0x7f6d468e79a0, 24) = 0 [pid 7140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7140] memfd_create("syzkaller", 0) = 3 [pid 7140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d3e4c7000 [pid 7140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 7140] munmap(0x7f6d3e4c7000, 32768) = 0 [pid 7140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7140] close(3) = 0 [pid 7140] mkdir("./bus", 0777) = 0 [pid 7140] mount("/dev/loop0", "./bus", "hfs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_I_VERSION|MS_STRICTATIME, "file_umask=00000000000000000000001,codepage=iso8859-2,quiet,file_umask=00000000000000000011404,quiet"...) = 0 [pid 7140] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7140] chdir("./bus") = 0 [pid 7140] ioctl(4, LOOP_CLR_FD) = 0 [pid 7140] close(4) = 0 [pid 7140] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7140] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7139] <... futex resumed>) = 0 [pid 7139] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7140] <... futex resumed>) = 0 [pid 7140] memfd_create("syzkaller", 0) = 4 [pid 7140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6d360cf000 [pid 7140] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768 [pid 7139] <... futex resumed>) = 1 [pid 7139] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7140] <... write resumed>) = 32768 [pid 7140] munmap(0x7f6d360cf000, 32768) = 0 [pid 7140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 7140] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7140] ioctl(5, LOOP_CLR_FD) = 0 [pid 7140] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 7140] close(5) = 0 [pid 7140] close(4) = 0 [pid 7140] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7140] futex(0x7f6d469b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7139] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7140] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7140] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7139] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] write(4, "\x74\x00\x00\x65\x3d\x85\xe7\xbc\xb7\x2c\x63\x6f\x64\x65\x70\x61\x67\x65\x3d\x75\x5c\x66\x38\x2c\x69\x6f\x63\x68\x61\x72\x7a\x65\x74\x3d\x63\x70\x38\x37\x34\xb9\x00\x00\x00\x00\x00\x00\x00\x3d\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x65\x57\xee\x7a\xef\x08\xdf\x18\xab\x68\xf7\x86\x28\xae\xb7\xd5\x20\x2c\x00\xff\xaf\xca\xff\x17\x38\xf1\x11\x0f\x46\x6b\x2d\xbd\xb5\x99\xc1"..., 34136651) = 12288 [pid 7140] futex(0x7f6d469b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7139] <... futex resumed>) = 0 [pid 7139] futex(0x7f6d469b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] futex(0x7f6d469b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] <... futex resumed>) = 1