./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor65561234 <...> Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts. execve("./syz-executor65561234", ["./syz-executor65561234"], 0x7ffcc426e700 /* 10 vars */) = 0 brk(NULL) = 0x55555687e000 brk(0x55555687ec40) = 0x55555687ec40 arch_prctl(ARCH_SET_FS, 0x55555687e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555687e5d0) = 5082 set_robust_list(0x55555687e5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f5aeaa1d7b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f5aeaa1de80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5aeaa1d850, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5aeaa1de80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor65561234", 4096) = 26 brk(0x55555689fc40) = 0x55555689fc40 brk(0x5555568a0000) = 0x5555568a0000 mprotect(0x7f5aeaadf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5082 mkdir("./syzkaller.oE43Ru", 0700) = 0 chmod("./syzkaller.oE43Ru", 0777) = 0 chdir("./syzkaller.oE43Ru") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5083] chdir("./0") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5083] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5085 [pid 5083] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5085] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./bus", 0777) = 0 [pid 5085] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5085] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./bus") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5085] unlink("./file2" [pid 5083] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... unlink resumed>) = 0 [pid 5085] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5085] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [ 76.060587][ T5085] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5085 'syz-executor655' [ 76.085380][ T5085] loop0: detected capacity change from 0 to 1024 [pid 5085] mkdir(".", 0777 [pid 5083] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5083] <... futex resumed>) = 0 [pid 5085] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5083] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x7f5ae266b9e0, 24 [pid 5083] <... clone resumed>, parent_tid=[5086], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5086 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5083] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = -1 EEXIST (File exists) [pid 5086] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5086] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... mount resumed>) = 0 [pid 5085] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5085] chdir(".") = 0 [pid 5085] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5085] <... futex resumed>) = ? [pid 5083] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 76.146343][ T12] hfsplus: b-tree write err: -5, ino 4 rmdir("./0/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5087] chdir("./1") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5087] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5088 [pid 5087] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5088] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./bus", 0777) = 0 [pid 5088] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./bus") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] unlink("./file2" [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... unlink resumed>) = 0 [pid 5088] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mkdir(".", 0777 [pid 5087] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5088] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5087] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5088] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5087] <... mprotect resumed>) = 0 [pid 5087] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5089], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5089 [pid 5087] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5089] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5089] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5088] <... mount resumed>) = 0 [pid 5088] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5088] chdir(".") = 0 [pid 5088] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] exit_group(0) = ? [pid 5089] <... futex resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 76.252370][ T5088] loop0: detected capacity change from 0 to 1024 [ 76.287193][ T12] hfsplus: b-tree write err: -5, ino 4 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5090] chdir("./2") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5090] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5091 attached , parent_tid=[5091], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5091 [pid 5091] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5090] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] <... set_robust_list resumed>) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5091] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./bus", 0777) = 0 [pid 5091] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./bus") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] unlink("./file2") = 0 [pid 5091] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5090] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5092], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5092 [pid 5090] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5091] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5092] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5092] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5092] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... mount resumed>) = 0 [pid 5091] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5091] chdir(".") = 0 [pid 5091] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5090] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5092] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 76.398801][ T5091] loop0: detected capacity change from 0 to 1024 [ 76.423914][ T12] hfsplus: b-tree write err: -5, ino 4 rmdir("./2/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5093] chdir("./3") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5093] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5094 [pid 5093] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5094] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./bus", 0777) = 0 [pid 5094] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./bus") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] unlink("./file2") = 0 [pid 5094] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] mkdir(".", 0777 [pid 5093] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5094] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5093] <... mmap resumed>) = 0x7f5ae264b000 [pid 5094] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5093] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5095], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5095 [pid 5093] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5095] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5095] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5095] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... mount resumed>) = 0 [pid 5094] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5094] chdir(".") = 0 [pid 5094] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] exit_group(0) = ? [pid 5095] <... futex resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 76.512973][ T5094] loop0: detected capacity change from 0 to 1024 [ 76.544309][ T62] hfsplus: b-tree write err: -5, ino 4 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5096] chdir("./4") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5096] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5097], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5097 [pid 5096] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5097] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./bus", 0777) = 0 [pid 5097] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./bus") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] unlink("./file2") = 0 [pid 5097] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5096] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7f5ae266b9e0, 24 [pid 5097] <... futex resumed>) = 1 [pid 5096] <... clone resumed>, parent_tid=[5098], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5098 [pid 5096] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... set_robust_list resumed>) = 0 [pid 5098] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5097] mkdir(".", 0777 [pid 5098] <... openat resumed>) = -1 EEXIST (File exists) [pid 5097] <... mkdir resumed>) = -1 EEXIST (File exists) [ 76.665085][ T5097] loop0: detected capacity change from 0 to 1024 [pid 5098] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5098] <... futex resumed>) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5098] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... mount resumed>) = 0 [pid 5097] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5097] chdir(".") = 0 [pid 5097] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] exit_group(0 [pid 5098] <... futex resumed>) = ? [pid 5096] <... exit_group resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5097] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5099] chdir("./5") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5099] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5100], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5100 [pid 5099] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [ 76.707024][ T12] hfsplus: b-tree write err: -5, ino 4 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5100] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./bus", 0777) = 0 [pid 5100] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5100] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./bus") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] unlink("./file2") = 0 [pid 5100] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5099] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x7f5ae266b9e0, 24 [pid 5099] <... clone resumed>, parent_tid=[5101], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5101 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5101] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5099] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... openat resumed>) = -1 EEXIST (File exists) [pid 5101] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5101] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] <... futex resumed>) = 1 [pid 5100] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5100] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6") = 0 [pid 5100] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5100] chdir(".") = 0 [pid 5100] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] exit_group(0 [pid 5101] <... futex resumed>) = ? [pid 5100] <... futex resumed>) = ? [pid 5099] <... exit_group resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 76.773459][ T5100] loop0: detected capacity change from 0 to 1024 [ 76.809469][ T12] hfsplus: b-tree write err: -5, ino 4 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5102] chdir("./6") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5102] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5103 attached , parent_tid=[5103], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5103 [pid 5102] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5103] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./bus", 0777) = 0 [pid 5103] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./bus") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] unlink("./file2") = 0 [pid 5103] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5102] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5104], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5104 [pid 5102] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5103] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x7f5ae266b9e0, 24 [pid 5103] <... mount resumed>) = 0 [pid 5103] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5103] chdir("." [pid 5104] <... set_robust_list resumed>) = 0 [pid 5104] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5103] <... chdir resumed>) = 0 [pid 5104] <... openat resumed>) = -1 EEXIST (File exists) [pid 5103] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = 1 [pid 5103] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5104] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] exit_group(0 [pid 5104] <... futex resumed>) = ? [pid 5103] <... futex resumed>) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 76.914064][ T5103] loop0: detected capacity change from 0 to 1024 [ 76.946961][ T41] hfsplus: b-tree write err: -5, ino 4 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5105] chdir("./7") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5105] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5106 attached , parent_tid=[5106], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5106 [pid 5105] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5106] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./bus", 0777) = 0 [pid 5106] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./bus") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [pid 5106] unlink("./file2") = 0 [pid 5106] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] mkdir(".", 0777 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5105] <... futex resumed>) = 0 [pid 5106] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [ 77.050283][ T5106] loop0: detected capacity change from 0 to 1024 [pid 5105] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5107], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5107 [pid 5105] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x7f5ae266b9e0, 24 [pid 5106] <... mount resumed>) = 0 [pid 5106] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5106] chdir(".") = 0 [pid 5106] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... set_robust_list resumed>) = 0 [pid 5107] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5107] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5107] <... futex resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5108 [ 77.092009][ T12] hfsplus: b-tree write err: -5, ino 4 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5108] chdir("./8") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5108] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5108] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5108] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] <... set_robust_list resumed>) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5109] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./bus", 0777) = 0 [pid 5109] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5109] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./bus") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5108] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] unlink("./file2" [pid 5108] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... unlink resumed>) = 0 [pid 5109] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mkdir(".", 0777 [pid 5108] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5109] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5108] <... mmap resumed>) = 0x7f5ae264b000 [pid 5108] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5110], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5110 [pid 5108] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5110] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5110] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] <... mount resumed>) = 0 [pid 5109] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5109] chdir(".") = 0 [pid 5109] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] exit_group(0) = ? [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5110] <... futex resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 77.189306][ T5109] loop0: detected capacity change from 0 to 1024 [ 77.229029][ T12] hfsplus: b-tree write err: -5, ino 4 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5111] chdir("./9") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5111] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5112 attached , parent_tid=[5112], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5112 [pid 5111] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5112] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./bus", 0777) = 0 [pid 5112] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5112] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./bus") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5112] unlink("./file2" [pid 5111] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... unlink resumed>) = 0 [pid 5112] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5112] mkdir(".", 0777 [pid 5111] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5111] <... futex resumed>) = 0 [pid 5112] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5112] <... mount resumed>) = 0 [pid 5111] <... mmap resumed>) = 0x7f5ae264b000 [pid 5112] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5111] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5112] <... openat resumed>) = 4 [pid 5111] <... mprotect resumed>) = 0 [pid 5112] chdir("." [pid 5111] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5112] <... chdir resumed>) = 0 [pid 5112] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... clone resumed>, parent_tid=[5113], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5113 [pid 5112] <... futex resumed>) = 0 [pid 5111] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5113] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5113] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5113] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] exit_group(0 [pid 5113] <... futex resumed>) = ? [pid 5112] <... futex resumed>) = ? [pid 5111] <... exit_group resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 77.320103][ T5112] loop0: detected capacity change from 0 to 1024 [ 77.340549][ T41] hfsplus: b-tree write err: -5, ino 4 rmdir("./9/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5114 ./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5114] chdir("./10") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5114] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5115], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5115 [pid 5114] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5115] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./bus", 0777) = 0 [pid 5115] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./bus") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] unlink("./file2") = 0 [pid 5115] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5114] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5116], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5116 [pid 5114] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5115] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5116] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5116] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... mount resumed>) = 0 [pid 5115] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5115] chdir(".") = 0 [pid 5115] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5114] exit_group(0 [pid 5115] <... futex resumed>) = ? [pid 5114] <... exit_group resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5116] <... futex resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 77.439188][ T5115] loop0: detected capacity change from 0 to 1024 [ 77.467873][ T41] hfsplus: b-tree write err: -5, ino 4 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5117] chdir("./11") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5117] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5118 attached , parent_tid=[5118], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5118 [pid 5117] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... set_robust_list resumed>) = 0 [pid 5117] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5118] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./bus", 0777) = 0 [pid 5118] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./bus") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] unlink("./file2") = 0 [pid 5118] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] mkdir(".", 0777 [pid 5117] <... futex resumed>) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5117] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5117] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5119], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5119 [pid 5117] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5119 attached ) = 0 [pid 5119] set_robust_list(0x7f5ae266b9e0, 24 [pid 5117] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5119] <... set_robust_list resumed>) = 0 [pid 5119] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [ 77.548267][ T5118] loop0: detected capacity change from 0 to 1024 [pid 5119] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5119] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... mount resumed>) = 0 [pid 5118] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5118] chdir(".") = 0 [pid 5118] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] exit_group(0 [pid 5118] <... futex resumed>) = ? [pid 5119] <... futex resumed>) = ? [pid 5117] <... exit_group resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 77.594990][ T41] hfsplus: b-tree write err: -5, ino 4 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x55555687e5d0) = 5120 [pid 5120] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5120] chdir("./12") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5120] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5121], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5121 [pid 5120] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5121] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./bus", 0777) = 0 [pid 5121] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5121] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./bus") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] unlink("./file2") = 0 [pid 5121] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] mkdir(".", 0777 [pid 5120] <... mmap resumed>) = 0x7f5ae264b000 [pid 5121] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5120] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5121] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5120] <... mprotect resumed>) = 0 [pid 5120] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5122], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5120] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] set_robust_list(0x7f5ae266b9e0, 24 [pid 5120] <... futex resumed>) = 0 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5120] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5122] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5122] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... mount resumed>) = 0 [pid 5121] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5121] chdir(".") = 0 [pid 5121] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] exit_group(0) = ? [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5122] <... futex resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 77.696076][ T5121] loop0: detected capacity change from 0 to 1024 [ 77.724539][ T41] hfsplus: b-tree write err: -5, ino 4 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5123 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5123] chdir("./13") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5123] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5124], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5124 [pid 5123] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5124] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./bus", 0777) = 0 [pid 5124] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./bus") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] unlink("./file2") = 0 [pid 5124] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5124] mkdir(".", 0777 [pid 5123] <... mmap resumed>) = 0x7f5ae264b000 [pid 5123] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5124] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5123] <... mprotect resumed>) = 0 [pid 5123] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5125 attached [pid 5124] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5123] <... clone resumed>, parent_tid=[5125], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5125 [pid 5123] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] set_robust_list(0x7f5ae266b9e0, 24 [pid 5123] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... set_robust_list resumed>) = 0 [pid 5125] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5125] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5125] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... mount resumed>) = 0 [pid 5124] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5124] chdir(".") = 0 [pid 5124] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] exit_group(0) = ? [pid 5125] <... futex resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 [ 77.803464][ T5124] loop0: detected capacity change from 0 to 1024 [ 77.842845][ T41] hfsplus: b-tree write err: -5, ino 4 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x55555687e5d0) = 5126 [pid 5126] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5126] chdir("./14") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5126] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5127 attached , parent_tid=[5127], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5127 [pid 5127] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5126] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... set_robust_list resumed>) = 0 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5127] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./bus", 0777) = 0 [pid 5127] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5127] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./bus") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] unlink("./file2") = 0 [pid 5127] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5127] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5127] mkdir(".", 0777 [pid 5126] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5127] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5126] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5128], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5128 [pid 5126] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5128 attached [pid 5127] <... mount resumed>) = 0 [pid 5127] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5127] chdir(".") = 0 [pid 5127] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5128] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5128] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5128] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5127] <... futex resumed>) = ? [pid 5126] <... exit_group resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 77.927480][ T5127] loop0: detected capacity change from 0 to 1024 [ 77.965663][ T41] hfsplus: b-tree write err: -5, ino 4 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5129 ./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5129] chdir("./15") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5129] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5130 attached , parent_tid=[5130], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5130 [pid 5130] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5129] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5130] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./bus", 0777) = 0 [pid 5130] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./bus") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5129] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] unlink("./file2") = 0 [pid 5130] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] mkdir(".", 0777 [pid 5129] <... futex resumed>) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5129] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5131], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5131 [pid 5129] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... mkdir resumed>) = -1 EEXIST (File exists) [ 78.055313][ T5130] loop0: detected capacity change from 0 to 1024 [pid 5130] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x7f5ae266b9e0, 24 [pid 5130] <... mount resumed>) = 0 [pid 5131] <... set_robust_list resumed>) = 0 [pid 5130] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5131] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5130] <... openat resumed>) = 5 [pid 5131] <... openat resumed>) = -1 EEXIST (File exists) [pid 5130] chdir("." [pid 5131] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... chdir resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5130] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5131] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] exit_group(0 [pid 5130] <... futex resumed>) = ? [pid 5129] <... exit_group resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x55555687e5e0, 24) = 0 [ 78.098613][ T41] hfsplus: b-tree write err: -5, ino 4 [pid 5132] chdir("./16") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5132] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5133] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... clone resumed>, parent_tid=[5133], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5133 [pid 5132] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5133] memfd_create("syzkaller", 0 [pid 5132] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5133] <... memfd_create resumed>) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5133] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./bus", 0777) = 0 [pid 5133] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./bus") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] unlink("./file2" [pid 5132] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... unlink resumed>) = 0 [pid 5133] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] <... futex resumed>) = 1 [pid 5132] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] mkdir(".", 0777 [pid 5132] <... futex resumed>) = 0 [pid 5133] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5133] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5132] <... mmap resumed>) = 0x7f5ae264b000 [pid 5132] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7f5ae266b9e0, 24 [pid 5132] <... clone resumed>, parent_tid=[5134], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5134 [pid 5134] <... set_robust_list resumed>) = 0 [pid 5133] <... mount resumed>) = 0 [pid 5132] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5132] <... futex resumed>) = 0 [pid 5134] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5133] <... openat resumed>) = 4 [pid 5132] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] chdir(".") = 0 [pid 5133] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] <... openat resumed>) = -1 EEXIST (File exists) [pid 5133] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5132] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5132] <... exit_group resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached , child_tidptr=0x55555687e5d0) = 5135 [ 78.190795][ T5133] loop0: detected capacity change from 0 to 1024 [ 78.227351][ T41] hfsplus: b-tree write err: -5, ino 4 [pid 5135] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5135] chdir("./17") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5135] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5135] <... clone resumed>, parent_tid=[5136], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5136 [pid 5135] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5136] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] mkdir("./bus", 0777) = 0 [pid 5136] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5136] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./bus") = 0 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] unlink("./file2") = 0 [pid 5136] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5135] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5137], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5137 [pid 5135] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5136] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6") = 0 [pid 5136] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5136] chdir(".") = 0 [pid 5136] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x7f5ae266b9e0, 24 [pid 5136] <... futex resumed>) = 0 [pid 5136] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... set_robust_list resumed>) = 0 [pid 5137] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5137] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5137] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] exit_group(0 [pid 5137] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] <... exit_group resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 78.308730][ T5136] loop0: detected capacity change from 0 to 1024 [ 78.347679][ T41] hfsplus: b-tree write err: -5, ino 4 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5138 ./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5138] chdir("./18") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5138] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5139 attached , parent_tid=[5139], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5139 [pid 5138] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5139] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./bus", 0777) = 0 [pid 5139] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./bus") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5139] unlink("./file2" [pid 5138] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... unlink resumed>) = 0 [pid 5139] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] mkdir(".", 0777 [pid 5138] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5138] <... futex resumed>) = 0 [ 78.451246][ T5139] loop0: detected capacity change from 0 to 1024 [pid 5139] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5138] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5138] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5140], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5140 [pid 5138] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5140 attached [pid 5139] <... mount resumed>) = 0 [pid 5140] set_robust_list(0x7f5ae266b9e0, 24 [pid 5139] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5140] <... set_robust_list resumed>) = 0 [pid 5139] <... openat resumed>) = 4 [pid 5140] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5139] chdir("." [pid 5140] <... openat resumed>) = -1 EEXIST (File exists) [pid 5139] <... chdir resumed>) = 0 [pid 5140] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5140] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5141] chdir("./19") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5141] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5142], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5142 [pid 5141] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [ 78.503978][ T41] hfsplus: b-tree write err: -5, ino 4 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5142] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./bus", 0777) = 0 [pid 5142] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5142] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./bus") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5142] unlink("./file2" [pid 5141] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... unlink resumed>) = 0 [pid 5142] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5141] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5141] <... futex resumed>) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5141] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5143 [pid 5141] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... mount resumed>) = 0 [pid 5142] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5142] chdir("."./strace-static-x86_64: Process 5143 attached ) = 0 [pid 5142] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5143] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5143] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5143] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5142] <... futex resumed>) = ? [pid 5141] <... exit_group resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 78.574833][ T5142] loop0: detected capacity change from 0 to 1024 [ 78.606008][ T12] hfsplus: b-tree write err: -5, ino 4 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5144] chdir("./20") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5144] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5144] <... clone resumed>, parent_tid=[5145], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5145 [pid 5145] <... set_robust_list resumed>) = 0 [pid 5144] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5145] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./bus", 0777) = 0 [pid 5145] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./bus") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] unlink("./file2" [pid 5144] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... unlink resumed>) = 0 [pid 5145] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5145] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5144] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5144] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5146] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... clone resumed>, parent_tid=[5146], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5146 [pid 5144] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5146] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5146] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5146] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... mount resumed>) = 0 [pid 5145] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5145] chdir(".") = 0 [pid 5145] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0 [pid 5146] <... futex resumed>) = ? [pid 5145] <... futex resumed>) = ? [pid 5144] <... exit_group resumed>) = ? [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 78.705121][ T5145] loop0: detected capacity change from 0 to 1024 [ 78.736641][ T12] hfsplus: b-tree write err: -5, ino 4 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5147 ./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5147] chdir("./21") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5147] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5148], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5148 [pid 5147] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5148] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] mkdir("./bus", 0777) = 0 [pid 5148] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5148] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./bus") = 0 [pid 5148] ioctl(4, LOOP_CLR_FD) = 0 [pid 5148] close(4) = 0 [pid 5148] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] unlink("./file2") = 0 [pid 5148] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5147] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5149], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5149 [pid 5147] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5148] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5149] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5149] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5149] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... mount resumed>) = 0 [pid 5148] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5148] chdir(".") = 0 [pid 5148] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] exit_group(0 [pid 5149] <... futex resumed>) = ? [pid 5148] <... futex resumed>) = ? [pid 5147] <... exit_group resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 78.817011][ T5148] loop0: detected capacity change from 0 to 1024 [ 78.846153][ T12] hfsplus: b-tree write err: -5, ino 4 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5150] chdir("./22") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5150] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5151 attached , parent_tid=[5151], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5151 [pid 5151] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5151] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5150] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5151] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./bus", 0777) = 0 [pid 5151] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5151] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./bus") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] unlink("./file2" [pid 5150] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... unlink resumed>) = 0 [pid 5151] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] mkdir(".", 0777 [pid 5150] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5151] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5150] <... mmap resumed>) = 0x7f5ae264b000 [pid 5150] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x7f5ae266b9e0, 24 [pid 5150] <... clone resumed>, parent_tid=[5152], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5152 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5150] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... openat resumed>) = -1 EEXIST (File exists) [pid 5152] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5152] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... mount resumed>) = 0 [pid 5151] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5151] chdir(".") = 0 [pid 5151] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] exit_group(0 [pid 5152] <... futex resumed>) = ? [pid 5151] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5153 [ 78.969440][ T5151] loop0: detected capacity change from 0 to 1024 [ 79.004272][ T12] hfsplus: b-tree write err: -5, ino 4 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5153] chdir("./23") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5153] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5154], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5154 [pid 5153] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5154] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] mkdir("./bus", 0777) = 0 [pid 5154] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5154] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./bus") = 0 [pid 5154] ioctl(4, LOOP_CLR_FD) = 0 [pid 5154] close(4) = 0 [pid 5154] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 1 [pid 5154] unlink("./file2") = 0 [pid 5154] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5153] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5155], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5155 [pid 5153] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 1 [pid 5154] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5154] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5155] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5155] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5155] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... mount resumed>) = 0 [pid 5154] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5154] chdir(".") = 0 [pid 5154] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] exit_group(0 [pid 5154] <... futex resumed>) = ? [pid 5153] <... exit_group resumed>) = ? [pid 5155] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 79.078232][ T5154] loop0: detected capacity change from 0 to 1024 [ 79.102872][ T12] hfsplus: b-tree write err: -5, ino 4 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5156 ./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5156] chdir("./24") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5156] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5157 attached , parent_tid=[5157], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5157 [pid 5156] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5157] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./bus", 0777) = 0 [pid 5157] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5157] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./bus") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] unlink("./file2" [pid 5156] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... unlink resumed>) = 0 [pid 5157] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] mkdir(".", 0777 [pid 5156] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5156] <... futex resumed>) = 0 [pid 5157] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [ 79.194665][ T5157] loop0: detected capacity change from 0 to 1024 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5156] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5158], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5158 [pid 5156] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5158 attached ) = 0 [pid 5158] set_robust_list(0x7f5ae266b9e0, 24 [pid 5156] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... set_robust_list resumed>) = 0 [pid 5158] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5158] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5158] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5157] <... mount resumed>) = 0 [pid 5157] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5157] chdir(".") = 0 [pid 5157] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] exit_group(0 [pid 5158] <... futex resumed>) = ? [pid 5157] <... futex resumed>) = ? [pid 5156] <... exit_group resumed>) = ? [pid 5158] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.236295][ T12] hfsplus: b-tree write err: -5, ino 4 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5159 ./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5159] chdir("./25") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5159] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5159] <... clone resumed>, parent_tid=[5160], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5160 [pid 5159] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5160] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./bus", 0777) = 0 [pid 5160] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5160] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./bus") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] unlink("./file2" [pid 5159] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... unlink resumed>) = 0 [pid 5160] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5160] mkdir(".", 0777 [pid 5159] <... mmap resumed>) = 0x7f5ae264b000 [pid 5159] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5160] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5159] <... mprotect resumed>) = 0 [pid 5159] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5161 attached [pid 5160] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5159] <... clone resumed>, parent_tid=[5161], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5161 [pid 5159] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.329589][ T5160] loop0: detected capacity change from 0 to 1024 [pid 5159] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5161] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5161] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... mount resumed>) = 0 [pid 5160] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5160] chdir(".") = 0 [pid 5160] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] exit_group(0 [pid 5160] <... futex resumed>) = ? [pid 5159] <... exit_group resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x55555687e5d0) = 5162 [pid 5162] set_robust_list(0x55555687e5e0, 24) = 0 [ 79.372397][ T62] hfsplus: b-tree write err: -5, ino 4 [pid 5162] chdir("./26") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5162] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5163 [pid 5162] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5163] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] mkdir("./bus", 0777) = 0 [pid 5163] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5163] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./bus") = 0 [pid 5163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5163] close(4) = 0 [pid 5163] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 1 [pid 5163] unlink("./file2") = 0 [pid 5163] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5162] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5163] <... futex resumed>) = 1 [pid 5163] mkdir(".", 0777 [pid 5162] <... clone resumed>, parent_tid=[5164], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5164 [pid 5163] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5162] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5162] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5164 attached [pid 5162] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5164] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5164] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5164] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... mount resumed>) = 0 [pid 5163] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5163] chdir(".") = 0 [pid 5163] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] exit_group(0 [pid 5164] <... futex resumed>) = ? [pid 5163] <... futex resumed>) = ? [pid 5162] <... exit_group resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.459044][ T5163] loop0: detected capacity change from 0 to 1024 [ 79.490755][ T62] hfsplus: b-tree write err: -5, ino 4 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5165] chdir("./27") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5165] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5166 [pid 5165] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5166] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./bus", 0777) = 0 [pid 5166] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5166] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./bus") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] unlink("./file2") = 0 [pid 5166] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5165] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5167 [pid 5165] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] mkdir(".", 0777) = -1 EEXIST (File exists) [ 79.574830][ T5166] loop0: detected capacity change from 0 to 1024 [pid 5166] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5167 attached ) = 0 [pid 5166] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5166] chdir(".") = 0 [pid 5166] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5167] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5167] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] exit_group(0 [pid 5166] <... futex resumed>) = ? [pid 5165] <... exit_group resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5167] <... futex resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.616599][ T12] hfsplus: b-tree write err: -5, ino 4 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5168 ./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5168] chdir("./28") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5168] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5169] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... clone resumed>, parent_tid=[5169], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5169 [pid 5168] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] memfd_create("syzkaller", 0 [pid 5168] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5169] <... memfd_create resumed>) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5169] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./bus", 0777) = 0 [pid 5169] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5169] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./bus") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] unlink("./file2" [pid 5168] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... unlink resumed>) = 0 [pid 5169] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] mkdir(".", 0777 [pid 5168] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5168] <... futex resumed>) = 0 [pid 5169] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5168] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5170], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5170 [pid 5168] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... mount resumed>) = 0 [pid 5169] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5169] chdir(".") = 0 [pid 5169] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5170] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5170] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = 0 [pid 5168] exit_group(0 [pid 5169] <... futex resumed>) = ? [pid 5168] <... exit_group resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5170] <... futex resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 [ 79.718636][ T5169] loop0: detected capacity change from 0 to 1024 [ 79.744717][ T12] hfsplus: b-tree write err: -5, ino 4 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5171] chdir("./29") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5171] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5172 attached , parent_tid=[5172], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5172 [pid 5172] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5172] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5171] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5172] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./bus", 0777) = 0 [pid 5172] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5172] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./bus") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] unlink("./file2" [pid 5171] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... unlink resumed>) = 0 [pid 5172] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5172] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5172] mkdir(".", 0777 [pid 5171] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5172] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5171] <... futex resumed>) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5171] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5173 attached , parent_tid=[5173], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5173 [pid 5171] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5173] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5173] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5172] <... mount resumed>) = 0 [pid 5172] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5172] chdir(".") = 0 [pid 5172] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] exit_group(0 [pid 5172] <... futex resumed>) = ? [pid 5171] <... exit_group resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5174 ./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5174] chdir("./30") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [ 79.845681][ T5172] loop0: detected capacity change from 0 to 1024 [ 79.877627][ T2804] hfsplus: b-tree write err: -5, ino 4 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5174] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5175], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5175 [pid 5174] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5175] memfd_create("syzkaller", 0) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5175] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [pid 5175] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./bus") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5174] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] unlink("./file2" [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... unlink resumed>) = 0 [pid 5175] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5175] mkdir(".", 0777 [pid 5174] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5174] <... futex resumed>) = 0 [pid 5175] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5174] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5174] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5176], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5176 ./strace-static-x86_64: Process 5176 attached [pid 5175] <... mount resumed>) = 0 [pid 5176] set_robust_list(0x7f5ae266b9e0, 24 [pid 5175] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5176] <... set_robust_list resumed>) = 0 [pid 5176] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... openat resumed>) = 4 [pid 5174] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] chdir("." [pid 5176] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5175] <... chdir resumed>) = 0 [pid 5175] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... openat resumed>) = -1 EEXIST (File exists) [pid 5174] <... futex resumed>) = 0 [pid 5176] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 0 [pid 5175] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] exit_group(0) = ? [pid 5175] <... futex resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5176] <... futex resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5177] chdir("./31") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.948973][ T5175] loop0: detected capacity change from 0 to 1024 [ 79.980941][ T62] hfsplus: b-tree write err: -5, ino 4 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5177] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5178], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5178 [pid 5177] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5178] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./bus", 0777) = 0 [pid 5178] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./bus") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] unlink("./file2") = 0 [pid 5178] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5178] mkdir(".", 0777 [pid 5177] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5178] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5177] <... clone resumed>, parent_tid=[5179], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5179 [pid 5177] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5179] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5179] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5179] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [ 80.055122][ T5178] loop0: detected capacity change from 0 to 1024 [pid 5178] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6") = 0 [pid 5178] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5178] chdir(".") = 0 [pid 5178] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] exit_group(0) = ? [pid 5178] <... futex resumed>) = ? [pid 5179] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 80.102153][ T2804] hfsplus: b-tree write err: -5, ino 4 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5180] chdir("./32") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5180] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5181 attached , parent_tid=[5181], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5181 [pid 5180] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5181] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./bus", 0777) = 0 [pid 5181] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5181] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./bus") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] unlink("./file2") = 0 [pid 5181] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5181] <... futex resumed>) = 1 [pid 5180] <... mmap resumed>) = 0x7f5ae264b000 [pid 5181] mkdir(".", 0777 [pid 5180] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5181] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5180] <... mprotect resumed>) = 0 [pid 5181] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5180] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5182], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5182 [ 80.195445][ T5181] loop0: detected capacity change from 0 to 1024 [pid 5180] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5181] <... mount resumed>) = 0 [pid 5181] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5182] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5181] <... openat resumed>) = 4 [pid 5181] chdir(".") = 0 [pid 5181] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... openat resumed>) = -1 EEXIST (File exists) [pid 5182] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] exit_group(0 [pid 5181] <... futex resumed>) = ? [pid 5180] <... exit_group resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5182] <... futex resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5183] chdir("./33") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.238299][ T2804] hfsplus: b-tree write err: -5, ino 4 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5183] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5184], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5184 [pid 5183] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5184] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./bus") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] unlink("./file2") = 0 [pid 5184] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5183] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5185 [pid 5183] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] mkdir(".", 0777) = -1 EEXIST (File exists) [ 80.316826][ T5184] loop0: detected capacity change from 0 to 1024 [pid 5184] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6") = 0 [pid 5184] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5184] chdir(".") = 0 [pid 5184] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5185] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5185] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] exit_group(0 [pid 5184] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5186] chdir("./34") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [ 80.357180][ T2804] hfsplus: b-tree write err: -5, ino 4 [pid 5186] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5187 [pid 5186] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5187] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./bus", 0777) = 0 [pid 5187] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./bus") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] unlink("./file2") = 0 [pid 5187] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5187] mkdir(".", 0777 [pid 5186] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5188], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5188 [pid 5186] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5188] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5188] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5187] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5188] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6") = 0 [pid 5187] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5187] chdir(".") = 0 [pid 5187] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] exit_group(0 [pid 5188] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5187] <... futex resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 80.443245][ T5187] loop0: detected capacity change from 0 to 1024 [ 80.483335][ T62] hfsplus: b-tree write err: -5, ino 4 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5189 ./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5189] chdir("./35") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5189] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5189] <... clone resumed>, parent_tid=[5190], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5190 [pid 5190] <... set_robust_list resumed>) = 0 [pid 5189] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5190] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./bus", 0777) = 0 [pid 5190] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./bus") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5190] unlink("./file2") = 0 [pid 5189] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5190] mkdir(".", 0777 [pid 5189] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5189] <... futex resumed>) = 0 [ 80.586392][ T5190] loop0: detected capacity change from 0 to 1024 [pid 5190] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5190] <... mount resumed>) = 0 [pid 5189] <... mmap resumed>) = 0x7f5ae264b000 [pid 5190] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5189] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5190] <... openat resumed>) = 4 [pid 5189] <... mprotect resumed>) = 0 [pid 5190] chdir("." [pid 5189] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5190] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5191 attached [pid 5190] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... clone resumed>, parent_tid=[5191], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5191 [pid 5190] <... futex resumed>) = 0 [pid 5189] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5191] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5191] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5191] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0 [pid 5191] <... futex resumed>) = ? [pid 5190] <... futex resumed>) = ? [pid 5189] <... exit_group resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 [ 80.629654][ T2804] hfsplus: b-tree write err: -5, ino 4 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x55555687e5d0) = 5192 [pid 5192] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5192] chdir("./36") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5192] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5193 attached , parent_tid=[5193], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5193 [pid 5192] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5193] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [pid 5193] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 0 [pid 5193] unlink("./file2") = 0 [pid 5193] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] mkdir(".", 0777 [pid 5192] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5193] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5193] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5192] <... mmap resumed>) = 0x7f5ae264b000 [pid 5192] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x7f5ae266b9e0, 24 [pid 5192] <... clone resumed>, parent_tid=[5194], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5194 [pid 5194] <... set_robust_list resumed>) = 0 [pid 5192] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... openat resumed>) = -1 EEXIST (File exists) [pid 5194] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5194] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... mount resumed>) = 0 [pid 5193] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5193] chdir(".") = 0 [pid 5193] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5194] <... futex resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.720292][ T5193] loop0: detected capacity change from 0 to 1024 [ 80.755772][ T2804] hfsplus: b-tree write err: -5, ino 4 openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5195] chdir("./37") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5195] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5196], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5196 [pid 5195] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5196] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./bus", 0777) = 0 [pid 5196] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./bus") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] unlink("./file2") = 0 [pid 5196] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5195] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5197], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5197 [pid 5195] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5196] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5197] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5196] <... mount resumed>) = 0 [pid 5196] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5196] chdir(".") = 0 [pid 5196] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] <... openat resumed>) = -1 EEXIST (File exists) [pid 5197] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5197] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] exit_group(0) = ? [pid 5196] <... futex resumed>) = ? [pid 5197] <... futex resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 [ 80.852069][ T5196] loop0: detected capacity change from 0 to 1024 [ 80.879455][ T2804] hfsplus: b-tree write err: -5, ino 4 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached , child_tidptr=0x55555687e5d0) = 5198 [pid 5198] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5198] chdir("./38") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5198] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5199] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... clone resumed>, parent_tid=[5199], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5199 [pid 5198] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] memfd_create("syzkaller", 0 [pid 5198] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] <... memfd_create resumed>) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5199] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./bus", 0777) = 0 [pid 5199] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./bus") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5199] unlink("./file2" [pid 5198] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... unlink resumed>) = 0 [pid 5199] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5198] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] mkdir(".", 0777 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5198] <... futex resumed>) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5199] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [ 80.984342][ T5199] loop0: detected capacity change from 0 to 1024 [pid 5198] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5200 [pid 5198] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5200] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5200] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5200] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... mount resumed>) = 0 [pid 5199] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5199] chdir(".") = 0 [pid 5199] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] exit_group(0 [pid 5199] <... futex resumed>) = ? [pid 5198] <... exit_group resumed>) = ? [pid 5200] <... futex resumed>) = ? [pid 5199] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x55555687e5d0) = 5201 [pid 5201] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5201] chdir("./39") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [ 81.032195][ T12] hfsplus: b-tree write err: -5, ino 4 [pid 5201] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5202], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5202 [pid 5201] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5202] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./bus", 0777) = 0 [pid 5202] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./bus") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] unlink("./file2") = 0 [pid 5202] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5201] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5203], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5203 [pid 5201] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5202] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5203] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5203] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5203] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... mount resumed>) = 0 [pid 5202] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5202] chdir(".") = 0 [pid 5202] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] exit_group(0 [pid 5202] <... futex resumed>) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5203] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 81.109261][ T5202] loop0: detected capacity change from 0 to 1024 [ 81.134150][ T2804] hfsplus: b-tree write err: -5, ino 4 rmdir("./39/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5204 ./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5204] chdir("./40") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5204] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5205 attached , parent_tid=[5205], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5205 [pid 5205] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5204] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... set_robust_list resumed>) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5205] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./bus", 0777) = 0 [pid 5205] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./bus") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] unlink("./file2" [pid 5204] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... unlink resumed>) = 0 [pid 5205] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] mkdir(".", 0777 [pid 5204] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5204] <... futex resumed>) = 0 [pid 5205] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5204] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5206], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5206 [pid 5204] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x7f5ae266b9e0, 24 [pid 5205] <... mount resumed>) = 0 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5205] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5206] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5205] <... openat resumed>) = 4 [pid 5205] chdir("." [pid 5206] <... openat resumed>) = -1 EEXIST (File exists) [pid 5205] <... chdir resumed>) = 0 [pid 5206] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0 [pid 5206] <... futex resumed>) = ? [pid 5205] <... futex resumed>) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 [ 81.236311][ T5205] loop0: detected capacity change from 0 to 1024 [ 81.274490][ T12] hfsplus: b-tree write err: -5, ino 4 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x55555687e5d0) = 5207 [pid 5207] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5207] chdir("./41") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5207] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5207] <... clone resumed>, parent_tid=[5208], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5208 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5208] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5208] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./bus", 0777) = 0 [pid 5208] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./bus") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] unlink("./file2") = 0 [pid 5208] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5207] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5209 [pid 5207] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5208] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5209] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5209] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5209] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... mount resumed>) = 0 [pid 5208] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5208] chdir(".") = 0 [pid 5208] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] exit_group(0) = ? [pid 5208] <... futex resumed>) = ? [pid 5209] <... futex resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5210 ./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5210] chdir("./42") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.365274][ T5208] loop0: detected capacity change from 0 to 1024 [ 81.391778][ T2804] hfsplus: b-tree write err: -5, ino 4 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5210] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5211], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5211 [pid 5210] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5211] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./bus", 0777) = 0 [pid 5211] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5211] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./bus") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 1 [pid 5211] unlink("./file2") = 0 [pid 5211] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5210] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5212], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5212 [pid 5210] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 1 [pid 5211] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5211] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6") = 0 [pid 5211] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5211] chdir(".") = 0 [pid 5211] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5212] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5212] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = 0 [pid 5210] exit_group(0) = ? [pid 5211] <... futex resumed>) = ? [pid 5211] +++ exited with 0 +++ [pid 5212] <... futex resumed>) = ? [pid 5212] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 [ 81.469943][ T5211] loop0: detected capacity change from 0 to 1024 [ 81.496029][ T2804] hfsplus: b-tree write err: -5, ino 4 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5214 ./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5214] chdir("./43") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5214] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5214] <... clone resumed>, parent_tid=[5215], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5215 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5215] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./bus", 0777) = 0 [pid 5215] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./bus") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5214] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] unlink("./file2") = 0 [pid 5215] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] mkdir(".", 0777 [pid 5214] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5215] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5215] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5214] <... mmap resumed>) = 0x7f5ae264b000 [pid 5214] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5216], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5216 [pid 5214] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5216] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5216] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5216] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... mount resumed>) = 0 [pid 5215] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5215] chdir(".") = 0 [pid 5215] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0) = ? [pid 5216] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 81.596852][ T5215] loop0: detected capacity change from 0 to 1024 [ 81.636213][ T12] hfsplus: b-tree write err: -5, ino 4 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x55555687e5d0) = 5217 [pid 5217] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5217] chdir("./44") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5217] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5218], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5218] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] memfd_create("syzkaller", 0 [pid 5217] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] <... memfd_create resumed>) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5218] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./bus", 0777) = 0 [pid 5218] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./bus") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] unlink("./file2" [pid 5217] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... unlink resumed>) = 0 [pid 5218] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5217] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5218] mkdir(".", 0777 [pid 5217] <... mprotect resumed>) = 0 [pid 5218] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5217] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5218] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5219 attached [pid 5217] <... clone resumed>, parent_tid=[5219], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5219 [pid 5219] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5219] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... mount resumed>) = 0 [pid 5219] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5219] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5218] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5217] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... openat resumed>) = -1 EEXIST (File exists) [pid 5218] <... openat resumed>) = 4 [pid 5219] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] chdir("." [pid 5219] <... futex resumed>) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] <... chdir resumed>) = 0 [pid 5218] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] exit_group(0 [pid 5219] <... futex resumed>) = ? [pid 5218] <... futex resumed>) = ? [pid 5217] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 81.709140][ T5218] loop0: detected capacity change from 0 to 1024 [ 81.745339][ T12] hfsplus: b-tree write err: -5, ino 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5220 ./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5220] chdir("./45") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5220] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5221 attached , parent_tid=[5221], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5221 [pid 5221] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5221] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5220] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5221] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./bus", 0777) = 0 [pid 5221] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./bus") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] unlink("./file2" [pid 5220] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... unlink resumed>) = 0 [pid 5221] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] mkdir(".", 0777 [pid 5220] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5220] <... futex resumed>) = 0 [pid 5221] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5220] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5220] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5222 attached , parent_tid=[5222], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5222 [pid 5220] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5222] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5222] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] <... mount resumed>) = 0 [pid 5221] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5222] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... openat resumed>) = 4 [pid 5221] chdir(".") = 0 [pid 5221] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] exit_group(0 [pid 5222] <... futex resumed>) = ? [pid 5220] <... exit_group resumed>) = ? [pid 5221] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 [ 81.831356][ T5221] loop0: detected capacity change from 0 to 1024 [ 81.854477][ T2804] hfsplus: b-tree write err: -5, ino 4 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached , child_tidptr=0x55555687e5d0) = 5223 [pid 5223] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5223] chdir("./46") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5223] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5224], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5224 [pid 5223] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5224] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./bus", 0777) = 0 [pid 5224] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5224] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./bus") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5224] unlink("./file2" [pid 5223] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... unlink resumed>) = 0 [pid 5224] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5224] mkdir(".", 0777 [pid 5223] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5223] <... futex resumed>) = 0 [pid 5224] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5223] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5225 [pid 5223] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5225] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5225] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... mount resumed>) = 0 [pid 5224] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5224] chdir(".") = 0 [pid 5224] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] exit_group(0 [pid 5224] <... futex resumed>) = ? [pid 5223] <... exit_group resumed>) = ? [pid 5224] +++ exited with 0 +++ [pid 5225] <... futex resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 [ 81.948966][ T5224] loop0: detected capacity change from 0 to 1024 [ 81.974628][ T2804] hfsplus: b-tree write err: -5, ino 4 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5226] chdir("./47") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5226] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5226] <... clone resumed>, parent_tid=[5227], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5227 [pid 5227] <... set_robust_list resumed>) = 0 [pid 5226] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] memfd_create("syzkaller", 0 [pid 5226] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5227] <... memfd_create resumed>) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5227] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./bus", 0777) = 0 [pid 5227] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5227] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./bus") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5226] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] unlink("./file2" [pid 5226] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... unlink resumed>) = 0 [pid 5227] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5226] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5227] mkdir(".", 0777 [pid 5226] <... mprotect resumed>) = 0 [pid 5226] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5227] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5227] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5228 attached [pid 5226] <... clone resumed>, parent_tid=[5228], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5228 [ 82.070736][ T5227] loop0: detected capacity change from 0 to 1024 [pid 5228] set_robust_list(0x7f5ae266b9e0, 24 [pid 5226] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... set_robust_list resumed>) = 0 [pid 5228] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5228] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5228] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... mount resumed>) = 0 [pid 5227] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5227] chdir(".") = 0 [pid 5227] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] exit_group(0 [pid 5227] <... futex resumed>) = ? [pid 5226] <... exit_group resumed>) = ? [pid 5227] +++ exited with 0 +++ [pid 5228] <... futex resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 82.112883][ T2804] hfsplus: b-tree write err: -5, ino 4 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5229 ./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5229] chdir("./48") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5229] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5230], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5230 [pid 5229] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5230] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./bus", 0777) = 0 [pid 5230] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5230] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./bus") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5230] unlink("./file2" [pid 5229] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... unlink resumed>) = 0 [pid 5230] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] mkdir(".", 0777 [pid 5229] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5230] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5229] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5230] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5229] <... mprotect resumed>) = 0 [ 82.200105][ T5230] loop0: detected capacity change from 0 to 1024 [pid 5229] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5231 [pid 5229] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5231] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5231] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5231] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... mount resumed>) = 0 [pid 5230] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5230] chdir(".") = 0 [pid 5230] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 82.247591][ T2804] hfsplus: b-tree write err: -5, ino 4 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5232] chdir("./49") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5232] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5233 attached , parent_tid=[5233], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5233 [pid 5232] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5233] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./bus", 0777) = 0 [pid 5233] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5233] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./bus") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] unlink("./file2" [pid 5232] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... unlink resumed>) = 0 [pid 5233] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5233] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5232] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... mount resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5233] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5233] chdir(".") = 0 [pid 5233] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5232] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5234 attached , parent_tid=[5234], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5234 [pid 5234] set_robust_list(0x7f5ae266b9e0, 24 [pid 5232] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5234] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5232] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... openat resumed>) = -1 EEXIST (File exists) [pid 5234] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] exit_group(0 [pid 5233] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 [ 82.362232][ T5233] loop0: detected capacity change from 0 to 1024 [ 82.396854][ T62] hfsplus: b-tree write err: -5, ino 4 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5235 ./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5235] chdir("./50") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5235] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5236], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5236 [pid 5235] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5236] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./bus", 0777) = 0 [pid 5236] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5236] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./bus") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5235] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] unlink("./file2") = 0 [pid 5236] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5235] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5237], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5237 [pid 5235] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5236] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x7f5ae266b9e0, 24) = 0 [pid 5237] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5237] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5237] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... mount resumed>) = 0 [pid 5236] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5236] chdir(".") = 0 [pid 5236] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] exit_group(0 [pid 5236] <... futex resumed>) = ? [pid 5235] <... exit_group resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5237] <... futex resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 82.479228][ T5236] loop0: detected capacity change from 0 to 1024 [ 82.515914][ T62] hfsplus: b-tree write err: -5, ino 4 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5238] chdir("./51") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5238] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5239 attached , parent_tid=[5239], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5239 [pid 5239] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5238] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] <... set_robust_list resumed>) = 0 [pid 5238] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5239] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./bus", 0777) = 0 [pid 5239] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5239] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./bus") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] unlink("./file2" [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... unlink resumed>) = 0 [pid 5239] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5239] mkdir(".", 0777 [pid 5238] <... mmap resumed>) = 0x7f5ae264b000 [pid 5238] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5239] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5238] <... mprotect resumed>) = 0 [pid 5239] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5238] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5240], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5240 [pid 5238] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5240 attached [pid 5239] <... mount resumed>) = 0 [pid 5239] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5240] set_robust_list(0x7f5ae266b9e0, 24 [pid 5239] <... openat resumed>) = 4 [pid 5239] chdir("." [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] <... chdir resumed>) = 0 [pid 5240] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5239] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... openat resumed>) = -1 EEXIST (File exists) [pid 5240] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] exit_group(0 [pid 5239] <... futex resumed>) = ? [pid 5238] <... exit_group resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5240] <... futex resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 [ 82.640861][ T5239] loop0: detected capacity change from 0 to 1024 [ 82.675833][ T62] hfsplus: b-tree write err: -5, ino 4 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5241 ./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5241] chdir("./52") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5241] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5242 attached , parent_tid=[5242], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5242 [pid 5242] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5241] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... set_robust_list resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5242] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./bus", 0777) = 0 [pid 5242] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5242] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./bus") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... futex resumed>) = 0 [pid 5242] unlink("./file2") = 0 [pid 5242] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5242] mkdir(".", 0777 [pid 5241] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5242] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5241] <... futex resumed>) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5241] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5243], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5243 [pid 5241] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5243 attached [pid 5242] <... mount resumed>) = 0 [pid 5243] set_robust_list(0x7f5ae266b9e0, 24 [pid 5242] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5243] <... set_robust_list resumed>) = 0 [pid 5242] <... openat resumed>) = 4 [pid 5243] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5242] chdir(".") = 0 [pid 5242] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... openat resumed>) = -1 EEXIST (File exists) [pid 5242] <... futex resumed>) = 0 [pid 5243] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5243] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] exit_group(0 [pid 5242] <... futex resumed>) = ? [pid 5241] <... exit_group resumed>) = ? [pid 5243] <... futex resumed>) = ? [pid 5242] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 82.766732][ T5242] loop0: detected capacity change from 0 to 1024 [ 82.800967][ T12] hfsplus: b-tree write err: -5, ino 4 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5244 ./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5244] chdir("./53") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5244] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5245] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... clone resumed>, parent_tid=[5245], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5245 [pid 5244] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5244] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5245] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./bus", 0777) = 0 [pid 5245] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5245] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./bus") = 0 [pid 5245] ioctl(4, LOOP_CLR_FD) = 0 [pid 5245] close(4) = 0 [pid 5245] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5245] unlink("./file2" [pid 5244] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... unlink resumed>) = 0 [pid 5245] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5245] mkdir(".", 0777 [pid 5244] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5244] <... futex resumed>) = 0 [pid 5245] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5244] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5246 [pid 5244] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5246 attached [pid 5245] <... mount resumed>) = 0 [pid 5244] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] set_robust_list(0x7f5ae266b9e0, 24 [pid 5245] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5246] <... set_robust_list resumed>) = 0 [pid 5246] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5245] <... openat resumed>) = 4 [pid 5245] chdir(".") = 0 [pid 5246] <... openat resumed>) = -1 EEXIST (File exists) [pid 5246] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5244] exit_group(0) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] <... futex resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 [ 82.900834][ T5245] loop0: detected capacity change from 0 to 1024 [ 82.939543][ T12] hfsplus: b-tree write err: -5, ino 4 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5247 ./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5247] chdir("./54") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5247] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5248 attached , parent_tid=[5248], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5248 [pid 5247] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] set_robust_list(0x7f5aeaa0c9e0, 24) = 0 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5248] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./bus", 0777) = 0 [pid 5248] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5248] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./bus") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 0 [pid 5248] unlink("./file2") = 0 [pid 5248] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5247] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5249], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5249 ./strace-static-x86_64: Process 5249 attached [pid 5247] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... futex resumed>) = 1 [pid 5248] mkdir(".", 0777 [pid 5249] set_robust_list(0x7f5ae266b9e0, 24 [pid 5248] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5248] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5249] <... set_robust_list resumed>) = 0 [ 83.014974][ T5248] loop0: detected capacity change from 0 to 1024 [pid 5249] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5249] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = 1 [pid 5249] futex(0x7f5aeaae5798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... mount resumed>) = 0 [pid 5248] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5248] chdir(".") = 0 [pid 5248] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] exit_group(0 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... exit_group resumed>) = ? [pid 5249] <... futex resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555687e5d0) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5250] chdir("./55") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [ 83.058305][ T12] hfsplus: b-tree write err: -5, ino 4 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5250] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5251], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5250] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5251] memfd_create("syzkaller", 0 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... memfd_create resumed>) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5250] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5251] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./bus", 0777) = 0 [pid 5251] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5251] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./bus") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] unlink("./file2") = 0 [pid 5251] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ae264b000 [pid 5250] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5252 [pid 5250] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5251] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6"./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f5ae266b9e0, 24 [pid 5251] <... mount resumed>) = 0 [pid 5251] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5252] <... set_robust_list resumed>) = 0 [pid 5251] <... openat resumed>) = 4 [pid 5251] chdir(".") = 0 [pid 5251] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f5aeaae5788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000) = -1 EEXIST (File exists) [pid 5252] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555687f620 /* 4 entries */, 32768) = 104 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 83.163977][ T5251] loop0: detected capacity change from 0 to 1024 [ 83.198778][ T2804] hfsplus: b-tree write err: -5, ino 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556887660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556887660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 getdents64(3, 0x55555687f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x55555687e5e0, 24) = 0 [pid 5253] chdir("./56") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] <... clone resumed>, child_tidptr=0x55555687e5d0) = 5253 [pid 5253] <... prctl resumed>) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5aea9ec000 [pid 5253] mprotect(0x7f5aea9ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] clone(child_stack=0x7f5aeaa0c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5254 attached , parent_tid=[5254], tls=0x7f5aeaa0c700, child_tidptr=0x7f5aeaa0c9d0) = 5254 [pid 5254] set_robust_list(0x7f5aeaa0c9e0, 24 [pid 5253] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ae25ec000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5254] munmap(0x7f5ae25ec000, 524288) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./bus", 0777) = 0 [pid 5254] mount("/dev/loop0", "./bus", "hfsplus", MS_NOEXEC|MS_RELATIME, "") = 0 [pid 5254] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./bus") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5253] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f5aeaae578c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] unlink("./file2") = 0 [pid 5254] futex(0x7f5aeaae578c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = 1 [pid 5253] futex(0x7f5aeaae5788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f5aeaae579c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5254] mkdir(".", 0777 [pid 5253] <... mmap resumed>) = 0x7f5ae264b000 [pid 5253] mprotect(0x7f5ae264c000, 131072, PROT_READ|PROT_WRITE [pid 5254] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5253] <... mprotect resumed>) = 0 [pid 5253] clone(child_stack=0x7f5ae266b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5254] mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xee\xa7\x3c\x3c\xa0\x47\x34\x9a\xb6\x6d\x52\x9f\xb1\xe2\xbd\xc6\x18\x75\xc6\xcc\xeb\xea\x30\xba\x1b\x89\x77\xc6\x32\xdd\xcb\xe0\xed\x04\xf9\x86\xb6\x8e\xe6" [pid 5253] <... clone resumed>, parent_tid=[5255], tls=0x7f5ae266b700, child_tidptr=0x7f5ae266b9d0) = 5255 [pid 5253] futex(0x7f5aeaae5798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f5aeaae579c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x7f5ae266b9e0, 24) = 0 [ 83.276270][ T5254] loop0: detected capacity change from 0 to 1024 [ 83.313591][ T62] hfsplus: b-tree write err: -5, ino 4 [ 83.321988][ T12] ------------[ cut here ]------------ [ 83.328088][ T12] WARNING: CPU: 1 PID: 12 at fs/hfsplus/inode.c:616 hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.339558][ T12] Modules linked in: [ 83.343596][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.3.0-rc2-next-20230317-syzkaller #0 [ 83.353612][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 83.364041][ T12] Workqueue: writeback wb_workfn (flush-7:0) [pid 5255] openat(AT_FDCWD, "./file2", O_RDWR|O_CREAT|O_NOCTTY|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|FASYNC, 000 [pid 5253] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 83.370703][ T12] RIP: 0010:hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.377014][ T12] Code: ff ff e8 06 f5 87 ff e9 42 fa ff ff 4c 89 e7 e8 b9 f4 87 ff e9 0b fc ff ff e8 0f 70 35 ff 0f 0b e9 44 fc ff ff e8 03 70 35 ff <0f> 0b e9 15 fe ff ff 41 bd fb ff ff ff e9 58 fa ff ff 4c 89 f7 e8 [ 83.397041][ T12] RSP: 0018:ffffc900001174b8 EFLAGS: 00010293 [ 83.403242][ T12] RAX: 0000000000000000 RBX: 1ffff92000022e99 RCX: 0000000000000000 [ 83.411390][ T12] RDX: ffff8880167b57c0 RSI: ffffffff824d444d RDI: 0000000000000005 [ 83.419459][ T12] RBP: ffff88807878e6f0 R08: 0000000000000005 R09: 00000000000000f7 [ 83.427468][ T12] R10: 0000000000000058 R11: 0000000000000000 R12: 0000000000000058 [ 83.435559][ T12] R13: 0000000000000000 R14: ffff88807878e680 R15: ffffc900001174f8 [ 83.443625][ T12] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 83.452848][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.459505][ T12] CR2: 00007f5ae266b718 CR3: 0000000079e42000 CR4: 00000000003506e0 [ 83.467515][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.475600][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.483634][ T12] Call Trace: [ 83.486940][ T12] [ 83.489969][ T12] ? write_cache_pages+0x7c8/0xd30 [ 83.495296][ T12] ? hfsplus_cat_read_inode+0x9e0/0x9e0 [ 83.501062][ T12] ? lock_sync+0x190/0x190 [ 83.505542][ T12] ? find_held_lock+0x2d/0x110 [ 83.510444][ T12] ? hfsplus_ext_write_extent+0xcb/0x200 [ 83.516139][ T12] ? lock_downgrade+0x690/0x690 [ 83.521185][ T12] ? rcu_is_watching+0x12/0xb0 [pid 5253] exit_group(0) = ? [ 83.526013][ T12] ? __mutex_lock+0x231/0x1350 [ 83.530954][ T12] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 83.536679][ T12] ? wait_for_completion_io_timeout+0x20/0x20 [ 83.543027][ T12] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.549205][ T12] ? __lock_acquire+0x1916/0x5df0 [ 83.554294][ T12] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.560433][ T12] ? hfsplus_ext_write_extent+0xcb/0x200 [ 83.566120][ T12] ? hfsplus_ext_cmp_key+0x300/0x300 [ 83.571559][ T12] ? __writeback_single_inode+0x2e4/0xdc0 [ 83.577339][ T12] ? lock_downgrade+0x690/0x690 [ 83.582477][ T12] ? do_raw_spin_lock+0x124/0x2b0 [ 83.587763][ T12] hfsplus_write_inode+0x93/0x520 [ 83.592915][ T12] __writeback_single_inode+0x9f8/0xdc0 [ 83.598811][ T12] writeback_sb_inodes+0x54d/0xe70 [ 83.603974][ T12] ? sync_inode_metadata+0xe0/0xe0 [ 83.609255][ T12] ? rcu_is_watching+0x12/0xb0 [ 83.614097][ T12] ? queue_io+0x386/0x4e0 [ 83.618799][ T12] wb_writeback+0x294/0xa50 [ 83.623384][ T12] ? __writeback_inodes_wb+0x280/0x280 [ 83.628977][ T12] ? lock_downgrade+0x690/0x690 [ 83.633995][ T12] ? mark_held_locks+0x9f/0xe0 [ 83.638876][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.644156][ T12] wb_workfn+0x2a5/0xcc0 [ 83.648625][ T12] ? lock_acquire+0x32/0xc0 [ 83.653199][ T12] ? inode_wait_for_writeback+0x40/0x40 [ 83.658836][ T12] ? lock_sync+0x190/0x190 [ 83.663312][ T12] ? rcu_is_watching+0x12/0xb0 [ 83.668302][ T12] ? trace_lock_acquire+0x12d/0x180 [ 83.673817][ T12] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.679884][ T12] ? process_one_work+0x8ae/0x15c0 [ 83.686552][ T12] ? lock_acquire+0x32/0xc0 [ 83.691155][ T12] ? process_one_work+0x8ae/0x15c0 [ 83.696408][ T12] process_one_work+0x991/0x15c0 [ 83.701483][ T12] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 83.707016][ T12] ? rcu_is_watching+0x12/0xb0 [ 83.711896][ T12] ? spin_bug+0x1c0/0x1c0 [ 83.716287][ T12] ? lock_acquire+0x32/0xc0 [ 83.720871][ T12] ? worker_thread+0x16d/0x1090 [ 83.725895][ T12] worker_thread+0x669/0x1090 [ 83.730735][ T12] ? process_one_work+0x15c0/0x15c0 [ 83.736042][ T12] kthread+0x33e/0x440 [ 83.740212][ T12] ? kthread_complete_and_exit+0x40/0x40 [ 83.747389][ T12] ret_from_fork+0x1f/0x30 [ 83.751959][ T12] [ 83.755028][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 83.762318][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.3.0-rc2-next-20230317-syzkaller #0 [ 83.771809][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 83.781927][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 83.788153][ T12] Call Trace: [ 83.791481][ T12] [ 83.794456][ T12] dump_stack_lvl+0xd9/0x150 [ 83.799077][ T12] panic+0x688/0x730 [ 83.803006][ T12] ? panic_smp_self_stop+0x90/0x90 [ 83.808158][ T12] ? show_trace_log_lvl+0x285/0x390 [ 83.813437][ T12] ? hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.820653][ T12] check_panic_on_warn+0xb1/0xc0 [ 83.826296][ T12] __warn+0xf2/0x390 [ 83.830395][ T12] ? hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.836261][ T12] report_bug+0x2da/0x500 [ 83.840694][ T12] handle_bug+0x3c/0x70 [ 83.844914][ T12] exc_invalid_op+0x18/0x50 [ 83.849565][ T12] asm_exc_invalid_op+0x1a/0x20 [ 83.854626][ T12] RIP: 0010:hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.861025][ T12] Code: ff ff e8 06 f5 87 ff e9 42 fa ff ff 4c 89 e7 e8 b9 f4 87 ff e9 0b fc ff ff e8 0f 70 35 ff 0f 0b e9 44 fc ff ff e8 03 70 35 ff <0f> 0b e9 15 fe ff ff 41 bd fb ff ff ff e9 58 fa ff ff 4c 89 f7 e8 [ 83.880850][ T12] RSP: 0018:ffffc900001174b8 EFLAGS: 00010293 [ 83.887383][ T12] RAX: 0000000000000000 RBX: 1ffff92000022e99 RCX: 0000000000000000 [ 83.895636][ T12] RDX: ffff8880167b57c0 RSI: ffffffff824d444d RDI: 0000000000000005 [ 83.903899][ T12] RBP: ffff88807878e6f0 R08: 0000000000000005 R09: 00000000000000f7 [ 83.912243][ T12] R10: 0000000000000058 R11: 0000000000000000 R12: 0000000000000058 [ 83.920414][ T12] R13: 0000000000000000 R14: ffff88807878e680 R15: ffffc900001174f8 [ 83.928531][ T12] ? hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.934227][ T12] ? hfsplus_cat_write_inode+0x6dd/0x7a0 [ 83.939922][ T12] ? write_cache_pages+0x7c8/0xd30 [ 83.945106][ T12] ? hfsplus_cat_read_inode+0x9e0/0x9e0 [ 83.950738][ T12] ? lock_sync+0x190/0x190 [ 83.955309][ T12] ? find_held_lock+0x2d/0x110 [ 83.960245][ T12] ? hfsplus_ext_write_extent+0xcb/0x200 [ 83.966021][ T12] ? lock_downgrade+0x690/0x690 [ 83.971635][ T12] ? rcu_is_watching+0x12/0xb0 [ 83.976491][ T12] ? __mutex_lock+0x231/0x1350 [ 83.981319][ T12] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 83.987104][ T12] ? wait_for_completion_io_timeout+0x20/0x20 [ 83.993253][ T12] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.999561][ T12] ? __lock_acquire+0x1916/0x5df0 [ 84.004732][ T12] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 84.010876][ T12] ? hfsplus_ext_write_extent+0xcb/0x200 [ 84.016681][ T12] ? hfsplus_ext_cmp_key+0x300/0x300 [ 84.022103][ T12] ? __writeback_single_inode+0x2e4/0xdc0 [ 84.027952][ T12] ? lock_downgrade+0x690/0x690 [ 84.032838][ T12] ? do_raw_spin_lock+0x124/0x2b0 [ 84.037912][ T12] hfsplus_write_inode+0x93/0x520 [ 84.043003][ T12] __writeback_single_inode+0x9f8/0xdc0 [ 84.048594][ T12] writeback_sb_inodes+0x54d/0xe70 [ 84.053792][ T12] ? sync_inode_metadata+0xe0/0xe0 [ 84.058988][ T12] ? rcu_is_watching+0x12/0xb0 [ 84.063829][ T12] ? queue_io+0x386/0x4e0 [ 84.068288][ T12] wb_writeback+0x294/0xa50 [ 84.072834][ T12] ? __writeback_inodes_wb+0x280/0x280 [ 84.078354][ T12] ? lock_downgrade+0x690/0x690 [ 84.083281][ T12] ? mark_held_locks+0x9f/0xe0 [ 84.088357][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 84.093630][ T12] wb_workfn+0x2a5/0xcc0 [ 84.097939][ T12] ? lock_acquire+0x32/0xc0 [ 84.102519][ T12] ? inode_wait_for_writeback+0x40/0x40 [ 84.108558][ T12] ? lock_sync+0x190/0x190 [ 84.113023][ T12] ? rcu_is_watching+0x12/0xb0 [ 84.117852][ T12] ? trace_lock_acquire+0x12d/0x180 [ 84.123111][ T12] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 84.129347][ T12] ? process_one_work+0x8ae/0x15c0 [ 84.134685][ T12] ? lock_acquire+0x32/0xc0 [ 84.139228][ T12] ? process_one_work+0x8ae/0x15c0 [ 84.144479][ T12] process_one_work+0x991/0x15c0 [ 84.149489][ T12] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 84.154936][ T12] ? rcu_is_watching+0x12/0xb0 [ 84.159859][ T12] ? spin_bug+0x1c0/0x1c0 [ 84.164279][ T12] ? lock_acquire+0x32/0xc0 [ 84.168837][ T12] ? worker_thread+0x16d/0x1090 [ 84.173751][ T12] worker_thread+0x669/0x1090 [ 84.178494][ T12] ? process_one_work+0x15c0/0x15c0 [ 84.183861][ T12] kthread+0x33e/0x440 [ 84.187971][ T12] ? kthread_complete_and_exit+0x40/0x40 [ 84.193647][ T12] ret_from_fork+0x1f/0x30 [ 84.198224][ T12] [ 84.201449][ T12] Kernel Offset: disabled [ 84.205910][ T12] Rebooting in 86400 seconds..